We are releasing the heart bleed vulnerability patch of CUBRID Manager Server.
You have already seen the news regarding Heart Bleed bug, this vulnerability affecting a lot of web site which are using OpenSSL to provide https protocol.
CUBRID Manager Server uses OpenSSL in its https api and if you are using on the outside of network zone, it might be taken the vulnerability problem. Because of using OpenSSL 1.0.1c on CUBRID Manager Server to provide https CM API, we highly recommend to patch using this heart bleed vulnerability patch version.
Supported CUBRID Engine version:
How to Upgrade:
1. Download a new patch according to your CUBRID Engine version and OS from http://ftp.cubrid.org/CUBRID_Tools/CUBRID_Manager_Server/Patch/20140417_openssl_heartbleed/
2. Stop CUBRID manager process using the following command:
> cubrid manager stop @ cubrid manager server stop ++ cubrid manager server stop: success
3. Copy cub_cmhttpd.exe(cub_cmserver_ext.exe for 9.2.0) in patch to %CUBRID%\bin\, replacing the original cub_cmhttpd.exe and cub_js.exe file.
In Linux, Copy cub_cmhttpd(cub_cmserver_ext for 9.2.0) in patch to $CUBRID/bin/, replacing the original cub_cmhttpd.
4. Start CUBRID manager process using the following command:
> cubrid manager start @ cubrid manager server start ++ cubrid manager server start: success
Please close web manager in your browser before patching, otherwise maybe some unpredictable errors will happen.