OpenSSL and Filezilla Server
-
- 550 Permission denied
- Posts: 24
- Joined: 2011-11-16 03:51
OpenSSL and Filezilla Server
It is my understanding, but please correct me if I am wrong, that Filezilla Server utilizes OpenSSL.
If so, do we have to be concerned about the recent and much publicized security bug found in OpenSSL?
Re: OpenSSL and Filezilla Server
There's no need to be concerned thanks to the advent of FileZilla Server 0.9.44 which contains an updated OpenSSL. You can download the new version from https://filezilla-project.org/download.php?type=server
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-04-09 08:18
- First name: Marco
- Last name: Lazzarotto
Re: OpenSSL and Filezilla Server
Hi, what about FileZilla Server 0.9.34 beta? What's the OpenSSL version?
-
- 550 Permission denied
- Posts: 24
- Joined: 2011-11-16 03:51
Re: OpenSSL and Filezilla Server
.9.44 was just released.
Does this mean that all previous versions are, and have been, vulnerable?
-
- 500 Command not understood
- Posts: 2
- Joined: 2014-04-09 15:12
- First name: Dan
- Last name: McCann
Re: OpenSSL and Filezilla Server
I just tried to install 0.9.44 on my Windows Server 2003 to mitigate this issue, but the installer is complaining about the OS version. The error message says it thinks it's XP. XP!
-
- 550 Permission denied
- Posts: 24
- Joined: 2011-11-16 03:51
Re: OpenSSL and Filezilla Server
Does that mean that .9.44 can't be installed on XP?
Re: OpenSSL and Filezilla Server
XP is an outdated operating system no longer supported by its vendor. You shouldn't use outdated systems in a networked environment.
The last version of FileZilla Server that still supported XP was 0.9.42.
All versions of FileZilla Server earlier than 0.9.44 suffer from OpenSSL vulnerabilities.
-
- 500 Command not understood
- Posts: 1
- Joined: 2014-04-09 19:22
- First name: Jason
- Last name: Cruickshank
Re: OpenSSL and Filezilla Server
We're using fzldap, I'm guessing OpenSSL 1.0.1 and thus the Heartbleed vulnerability was present in Filezilla Server 0.9.41?
http://sourceforge.net/projects/fzldap/files/
Jason
Re: OpenSSL and Filezilla Server
The post from danielmccann said he was getting the XP error when installing on Server 2003, which is not EOL until July 2015.
EDIT/UPDATE: I tried to update FS 0.9.41 beta to 0.9.44 on a Server 2003 machine, and the installation failed with the error that Windows Vista or higher is required.
I agree with blocking installs on XP which is EOL, but Server 2003 is still supported by Microsoft for another 15 months. Any chance of getting an installer that will allow Server 2003?
Re: OpenSSL and Filezilla Server
With the previous version it took many hours of work to compile binaries for XP(-like) systems, supporting old systems is very tedious. That said, feel free to compile FileZilla Server from source for your particular platform, everything is still there.
-
- 500 Syntax error
- Posts: 15
- Joined: 2014-04-09 21:00
- First name: Victoria
- Last name: Montoya
Re: OpenSSL and Filezilla Server
botg wrote: With the previous version it took many hours of work to compile binaries for XP(-like) systems, supporting old systems is very tedious. That said, feel free to compile FileZilla Server from source for your particular platform, everything is still there.
Windows XP is gone, so why do we even need to keep caring about it?
-
- 504 Command not implemented
- Posts: 9
- Joined: 2012-01-10 23:04
Re: OpenSSL and Filezilla Server
When I upgrade .9.40 beta to .9.44 to counter the OpenSSL problem, will I be doing a full install of another instance, or will it pickup and copy over the settings from .9.40?
Thanks.
Re: OpenSSL and Filezilla Server
You can safely install the new version over the old one, your settings will be copied over. One exception: Aliases using physical path syntax are lost. You need to recreate them using virtual path syntax.
Re: OpenSSL and Filezilla Server
Install it to the same folder and it keeps all your settings.
The only thing you have to do when you upgrade is, if you set your service to use a local user account login to be able to access networked files on other computers, you have to redo the user/password for the FileZilla FTP Server service in computer management.
Re: OpenSSL and Filezilla Server
victoriamon wrote: Windows XP is gone, so why do we even need to keep caring about it?
botg was replying to my post about Server 2003, not XP. XP needs to go away for sure. But, there are a LOT of Server 2003 deployments still in production worldwide, which is why there is concern about FS on 2003.
Microsoft continues to support Server 2003 until July 2015, but it has XP-like characteristics so the FS installer does not work on 2003.