Heartbleed (Heartbeat) OpenSSL Vulnerability
A serious vulnerability known as the heartbleed bug was recently discovered in OpenSSL. Alpha Anywhere, Alpha Five and the Application Server use OpenSSL for encryption, so they are impacted by this vulnerability if they are using OpenSSL 1.0.1 though 1.0.1f.

How Can I Resolve This Vulnerability
The OpenSSL Project closed this vulnerability in release 1.0.1g, which they made available on Monday, 4/7/2014. We incorporated it into the Alpha Anywhere builds on Tuesday, 4/8/2014. It is available in the Alpha Anywhere prereleases as of Wednesday, 4/9/2014. Prereleases are available from http://downloads.alphasoftware.com/A...easeNotes.html.

If you do not want to use a prerelease, or you are using a version of Alpha prior to Alpha Anywhere (v12), you can manually update the OpenSSL DLLs on your system to resolve this. (See Below)

How Do I Know What Version of OpenSSL Alpha is Using?
Alpha installs copies of the OpenSSL DLLs in the same location that you install Alpha itself. These DLLs are libeay32.dll and ssleay32.dll. Using Windows Explorer, navigate to the correct folder, then right-click on each of the DLLs, select Properties, and then select the Details tab. The DLL version is shown as Product version, as shown below.


How Do I Manually Update OpenSSL
Alpha uses the libeay32.dll and ssleay32.dll files in the installation folder to work with OpenSSL. To update your version of OpenSSL, simply replace these two files with newer versions, making sure that the version number of both replacement files match each other.

Please note that as these DLLs are used for encryption operations, you should only obtain them from a trusted source. Alpha Software is not responsible for the use of OpenSSL DLLs obtained from sources other than Alpha Software. You may obtain the DLLs from Alpha at http://dlcf.alphasoftware.com/a5v12D...nSSL1.0.1g.zip Note: These DLLs are OpenSSL version 1.0.1g and are the latest as of April 9, 2014. They are not guaranteed to be the latest available should OpenSSL release an update.

Additional Information and Resources
The OpenSSL Project
OpenSSL Security Advisory CVE-2014-0160
The Heartbleed Bug
Online Heartbleed Vulnerability Tester