As many of you know, dBASE PLUS 8.x ships with the ability to expose your dBASE application as a web service using the included Apache web server. You may also have heard about the Heartbleed vulnerability that has affected many of the Apache servers worldwide. Fortunately, the software shipped by dBase, LLC for Apache did not contain the vulnerability.
dBase, LLC only ships the standard installation of Apache that does not include the OpenSSL module which is where the vulnerability exists. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected. Affected users should upgrade to OpenSSL 1.0.1g.
https://www.openssl.org/news/secadv_20140407.txt
Furthermore, the online shopping cart vendor, Volusion, that dBase, LLC uses to sell all of our products was not affected by the Heartbleed vulnerability. This is because Volusion does not use OpenSSL.
http://onlinebusiness.volusion.com/articles/heartbleed-bug/
https://www.volusion.com/ssl.asp?url=store.dbase.com
https://lastpass.com/heartbleed/?h=store.dbase.com
Here at dBase, LLC we take your security seriously and wanted to share with you that your dBASE applications, as well as the information you transmitted to our online store has not been affected by the Heartbleed vulnerability.
