Version 5.6 Build 450.9SP Security Patch Update

This v5.6.450.9SP Security Patch update addresses an OpenSSL (Secured Socket Layer) vulnerability and a Wildcat! Web Server buffer overflow bug.

SPECIAL UPGRADE NOTES:

• IMPORTANT:  If you used AUTOUPDATE to update your system,  AUTOUPDATE will send the zip  files,  OPENSSL.ZIP and WCSSL.ZIP and stored them in your \wc5 (installation) directory.  You must manually unzip these files yourself to obtain the latest SSL files.

• IMPORTANT:  If you are upgrading from Wildcat! v5.4 or less, please  read the change history in AUP v5.5.450.2. A few conversion steps  much be performed before running this new update as outlined in   the 450.2 Special Notes.  The Wildcat! server will also inform   you of this required conversion if it not done.

• IMPORTANT:  If you are upgrading from Wildcat! v5.5.450.2, please read the change history in AUP v5.6.450.3.  In AUP 450.3, new optional   internet security features (SSL and SASL) were added and WCCONFIG  components related to Mail Operations was reorganized and consolidated  under one section called "Mail Server."

Changes, Fixes, New Features and Enhancements by Wildcat! Component

• WCSSLCONFIG (Wildcat! SSL Configuration)
• WCWEB (Wildcat! Web Server)
• OPENSSL (OPENSSL )

WCSSLCONFIG (Wildcat! SSL Configuration)

• When creating a certificate request with the SSL Certificate Wizard,  the friendly name input field allowed for invalid characters for creating the certificate store directory.   This was fixed by checking for the invalid characters.

WCWEB (Wildcat! WEB Server)

• Fixed an Buffer OverFlow bug caused by a known vulnerability.

OPENSSL (OpenSSL)

• New OPENSSL DLL files are provided that addresses an invalid certificate vulnerability.   The OpenSSL Versions for these files are: 0.9.7c.