The following are the current security vulnerabilities in regard to XML Parser, OpenSSL and Java: MSXML 4.0 SP3 Parser currently has 6 high and 2 medium risk vulnerabilities that cannot be mitigated as MSXML 4.0 SP3 Parser is no longer supported by Microsoft as of 04/12/2014. OpenSSL 1.0.1g has 3 high and 21 medium risk vulnerabilities that can be mitigated by updating OpenSSL 1.0.1g to the latest version which is 1.0.1m. Java 6 Update 22 has 93 high and 70 medium risk vulnerabilities associated with it. Java 6 is no longer supported and therefore there is no mitigation for the vulnerabilities. It also installs Java 7 Update 10 which has 95 high and 69 medium vulnerabilities that would need to be mitigated. For Silk Performer 15.5, we have now released Silk Performer 15.5 Hotfix 4 which, among other things, provides “Upgrade of outdated third-party modules: XML Parser, OpenSSL and Java”. This Hotfix can be downloaded from the ‘Product Updates’ section of the Supportline Website (after logging in): http://supportline.microfocus.com This is a complete installation of Silk Performer, which will uninstall the previous installation of Silk Performer 15.5. A future release of Silk Performer will update support to Java 8. 2812164
↧