DevBlog

Last September, Micorosoft posted a security bulletin and patch for a critical GDI+ vulnerabilty. You can read about it here. At the time, there were several questions about how this would affect VFP 8.0, since it requires GDI+. The official word from the Fox team was "We're looking into it". This week, we got the answer in the form of two security patches for VFP.

The first is for design-time (download here). This patch file updates gdiplus.dll in C:\Program Files\Common Files\Microsoft Shared\VFP, the HOME() folder (on Win2K only) and the .msm file so new distributions will be patched. Note that if you use Windows XP or Windows 2003 Server, VFP uses the GDI+ in the OS, so if you patched back in September, you're ok, but you'll want to install the patch anyway so new distributions will be patched.

The second patch is for runtime. If you distributed a VFP 8.0 application, you need to update your endusers. You can do this in one of two ways. First, you can build and distribute a new setup using the updated merge modules in the Design-time update. Second, you can send your users the runtime patch file (download here) and have them run it.

Update: Clarified the Design-time patch.