As you may have seen in the news, a vulnerability in recent versions of OpenSSL has been found.
Current versions of VPOP3 are released with OpenSSL 1.0.1e which does have this vulnerability. The next version of VPOP3 will be released with OpenSSL 1.0.1g which has been patched.
Older versions of VPOP3 (v6.2 and earlier) used OpenSSL 0.9.8g which does not have this vulnerability.
You can easily tell which version of OpenSSL your VPOP3 installation has:
- find the VPOP3 installation directory in Windows Explorer
- find the ‘libeay32.dll’ file
- right-click it and choose Properties
- go to the ‘Details’ tab
- Look at the ‘Product Version’ entry
If your VPOP3 has OpenSSL 1.0.1e then you should upgrade it to 1.0.1g. You can download the Win32 OpenSSL installer and copy the SSLEAY32.DLL and LIBEAY32.DLL files into the VPOP3 directory, or download the files from here and unzip the download into the VPOP3 directory (you will need to stop VPOP3 first).