Heartbleed OpenSSL fix

Dear Customers,

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed:

http://www.openssl.org/news/secadv_20140407.txt

What is the impact on Genero products?

The Genero Desktop Client (GDC) on Linux and Mac OS X and Genero BDL (FGLGWS) 2.50.xx on Mac OS X use the system OpenSSL library.

Therefore for the Genero Desktop Client (GDC) on Linux and Mac OS X and FGLGWS 2.50.xx on Mac OS X, please verify your system OpenSSL library version in accordance with the OpenSSL security advisory, and update the library if necessary.

For the other Genero products where OpenSSL is mandatory, the OpenSSL version provided in the packages is 1.0.0k. This OpenSSL version is not affected by the defect.

Check also your Web server regarding the use of https protocol between the Genero Application Sever (GAS) and the various User Agents (Genero Desktop Client (GDC), Web Browser, and Genero Web Services (GWS) Clients).

Best regards,

Four Js Development Tools