Heartbleed bug

« Heartbleed Bug - Update FileMaker Server 13.0v1a
Blog
Use of Execute SQL calling FileMaker back on itself »

Repost from the release by FileMaker Inc. Below is the release we received. Currently we see no real threat but will keep an eye out for updates from FileMaker Inc.

What is the Heartbleed bug, and how does it apply to FileMaker 13?

The Heartbleed bug is a vulnerability in the popular OpenSSL cryptographic software library. The vulnerability applies to specific versions of the OpenSSL library.

FileMaker Pro 13, FileMaker Pro 13 Advanced, FileMaker Go 13 and FileMaker Server 13 include a version of OpenSSL which has been identified as being vulnerable to the Heartbleed bug.

FileMaker Server 12, FileMaker Pro 12, FileMaker Pro 12 Advanced, and FileMaker Go 12 and prior versions are not vulnerable to the Heartbleed bug.

How can I tell if the Heartbleed bug is a threat to my installation of FileMaker Pro 13 or FileMaker Pro 13 Advanced?

FileMaker Pro 13 and FileMaker Pro 13 Advanced are vulnerable only when connecting to a non-FileMaker server (such as a web server) via an SSL connection which may have been compromised, AND when using any of these three features:

  • Insert from URL
  • Send Mail via an SMTP Server
  • Import Records from an XML data source

How can I tell if the Heartbleed bug is a threat to my installation of FileMaker Go 13?

FileMaker Go 13 is vulnerable only when using Insert from URL AND connecting to a non-FileMaker server (such as a web server) via an SSL connection which may have been compromised.

What can I do to protect my installation of FileMaker from the Heartbleed bug?

During the week of April 21, 2014 FileMaker, Inc. expects to release updates for FileMaker Pro 13, FileMaker Pro 13 Advanced, FileMaker Go 13 and FileMaker Server 13 that will address the vulnerabilities created by the Heartbleed bug. We will recommend that all users install the updates.

In the meantime FileMaker Server 13 users can also apply an update manually.

For FileMaker Pro 13, FileMaker Pro 13 Advanced, and FileMaker Go 13 avoid using the functions listed above unless you are connecting to a non-FileMaker server you are confident is secure.


More information on FileMaker products and the Heartbleed bug ›

Apr 17, 2014 at 9:57 AM
© Terra Software Corporation 2019