
What's the meaning of the new "16.0.0 Security Patches"?

VolkerBarth
Contributor
2,495

Reading through the fresh 16.0.0.2178 EBF for Windows 64, I'm noticing a new section "16.0.0 Security Patches":

It seems to comprise only platforms with rarer SA releases like AIX or HP-IA64.

Does it mean those platforms get "partial" updates with just the security components (= OpenSSL?) being modified?

And if so, can I assume such security patches won't be released for more commonly used platforms like Windows or Linux on x86?

Accepted Solutions (1)

MarkCulp
Participant

Just as the readme states, a Security Patch is a (re)release of an already released version of the software but with updated security components, e.g. the pieces of software that perform the encryption and decryption and secure communications. The basic idea behind the Security Patches is to get out updated software quickly to the SQL Anywhere customers when a vulnerability has been exposed. I.e., in recent times the OpenSSL software that we embed into SQL Anywhere has had a number of high-exposure vulnerabilities.

Each Security Patch is a full (re)release of the software: all of the SQL Anywhere components are contained in the Security Patch, the originally released (non security related) components are unchanged and the security related components are updated. This means that if you are needing to update your software and the latest release for the platform is a Security Patch then that is the version that you should use.

You have noticed that the only Security Patches that are currently listed are of those less used platforms. The reason for this is that the updated security components in the other platforms - Windows and Linux x86/64 (and others) - get released within "regular" releases that are in the pipeline and therefore we do not need to do a Security Patch for them.

HTH

Answers (0)