LiquidFiles Documentation
LiquidFiles Documentation

System Vulnerabilities

Is LiquidFiles vulnerable to Heartbleed, Shellshock, CVE-XXX,...?

Every so often there's a new widespread vulnerability like Heartbleed, Shellshock and other problems with a CVE number. These vulnerabilities does not affect the LiquidFiles application directly but potentially the underlying operating system Ubuntu.

So am I vulnerable?

Often we get questions like, we run LiquidFiles v2.3.4, is that version vulnerable to Heartbleed?

LiquidFiles does not work like that - specific Ubuntu patches are not installed by specific LiquidFiles versions.

When you update LiquidFiles, it will update to the latest available Ubuntu updates at the time of the update. This means that if you update LiquidFiles after Ubuntu has released a patch you will be protected, regardless of specific LiquidFiles version you update to.

Enabling Auto-Updates

LiquidFiles has 4 levels of auto-update functions:

  • None - Neither the LiquidFiles application or any system and security updates will be installed. If you have enabled Virus Scanning then AV signatures will still be updated.
  • Auto-Update LiquidFiles Application (default) - Automatically update the LiquidFiles application as new versions are released. Together with the application updates are installed latest available system and security updates.
  • Auto-Update LiquidFiles Application + System Security Updates - Autoupdates the LiquidFiles application and will also install any security updates daily basis.
  • Auto-Update System Security Updates - Install security updates as above but don't automatically update the LiquidFiles application.

It is recommended that you enable at least to auto-update the Operating System & Anti Virus. This will ensure that when a security update is released by Ubuntu it will be installed on your LiquidFiles system as soon as possible and keep you protected from any future issues.

To figure out when a problem has been fixed, please search for the vulnerability at the Ubuntu Vulnerability database: