NetTalk Central

Author Topic: Security is a Process, not an Event.  (Read 6577 times)

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11245
    • View Profile
Security is a Process, not an Event.
« on: November 28, 2022, 09:53:09 PM »
If I've had a slogan this year, it's been the above heading. As Desktop developers we are not always security conscious, and many of us grew up in a programming-age when security was not a big deal. But, especially for web apps, security is very important - something we really do need to make time for.

To this end, I am releasing updates to NetTalk 10, NetTalk 11 and NetTalk 12 today all in the interests of improving security.

https://www.capesoft.com/accessories/downloads
 
This is an important update, and if you are making web apps with any of these then please take a time-out sometime today, grab the update, compile your apps, and move on. I know you have other important things to do, and this is a task you don't necessarily plan for, but this update is Important - and strongly recommended.

It incorporates the latest build of OpenSSL, an updated CAROOT.PEM certificate file, updates to the NetAcme class, and more.

There is no charge for these updates, and I consider them serious enough to roll back into NetTalk 10 and NetTalk 11 in addition to NetTalk 12. It takes real work to back-port them, and test the updates, so treat that as a valuable signal that you should make use of them.

Please note that these updates use StringTheory 3.40 or later (so grab that update if you are old there as well.) And (for NT10 users) the new OpenSSL DLL's make use of the VC 2017 Runtime - see https://www.capesoft.com/docs/NetTalk10/NetTalk.htm#DeployingAtlsClientOrServer

I know updates, especially unplanned updates, can be scary, but there are security reasons not to skip this one.