4.5.2 is a hotfix release and will be deployed this Thursday, 2nd of October.

Hotfix

Technical Bulletins

We have included a number of relevant technical bulletins below.

ShellShock Security Bug

Like the HeartBleed vulnerability before it, the ShellShock bug is a serious security vulnerability but does not impact Windows operating systems. SharePoint and SQL servers are not affected by this issue.


Mac OS X (fix available), and other Unix based systems are vulnerable, more information is available from US-Cert Alert (TA14-268A).

Safari for iOS 8 Login Bug

The recent iOS 8 update for iPads and iPhones contains a Windows authentication bug in Safari. The bug prevents users from successfully logging into a site after entering their username and password. The issue is present in the latest 8.0.2 release but has been fixed in the current iOS 8.1 beta. There's been no comment from Apple on an expected time frame for resolution.

Two workarounds are available for users experiencing the problem:

Sunsetting SHA-1 Based Certificates

MicrosoftGoogle, and Mozilla have all recently deprecated support for SHA-1 based SSL certificates and plan to turn it off in 2017. Starting this November, HTTPS sites in Chrome using SHA-1 SSL certificates valid past January 2017, will no longer appear fully trusted in Chrome. You can test your certificates using an online SHA-1 testing tool



More Information

If you have any questions regarding the update process please see our original notice