Download DataFlex Web Application Server

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. The server installer supports a command line interface that describes what components to install, what installation path to use etc.

Licensing

The DataFlex WebApp Server can be licensed as a "per application" counted server, or as a web client license, whereby the license is charged for a number of Named users.

DataFlex 19.1.58 is an updated release that contains bug fixes for important issues reported by the development community. Most of these issues were new to DataFlex 19.1. The updates are available as complete new installations (including the Studio, Server and Client installations) and are meant to replace the previous release builds (DataFlex 19.1.56). For detailed information about the update see this document.

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. The server installer supports a command line interface that describes what components to install, what installation path to use etc.

Licensing

The DataFlex WebApp Server can be licensed as a "per application" counted server, or as a web client license, whereby the license is charged for a number of Named users.

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. 

Licensing

The DataFlex WebApp Server can be licensed as a "per application" counted server, or as a web client license, whereby the license is charged for a number of Named users.

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases. 

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario.
There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.2 (original release date of July 2016).

As an alternative, a ZIP file (DataFlex18.2Update.zip) that contains the two changed components that can be applied to existing installations.

Data Access Worldwide Recommends...

For DataFlex 2016/18.2, we recommend uninstalling version 18.2.68.9 and then installing the updated DataFlex 18.2.71.1. If you elect to update your environments with the DataFlex18.2Update.zip file, follow the instructions included in the ZIP.

The updated DataFlex 18.2.71.1 installations also contain the latest SQL Drivers (6.1.0.32) and related documentation. If you apply the virtual machine and web services updates manually with the DataFlex18.2Update.zip file, we recommend updating to the latest SQL drivers at the same time. You can obtain the SQL Driver update at: https://www.dataaccess.eu/resources/downloads/download-category/download-subcategory-842?dagapsg=80

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. 

Licensing

The DataFlex WebApp Server can be licensed as a "per application" counted server, or as a web client license, whereby the license is charged for a number of Named users.

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases. 

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario.
There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.1 (original release date of July 2015) as ZIP file. The ZIP file (DataFlex18.1Update.Zip) contains the two changed components that can be applied to existing installations.

Data Access Worldwide Recommends...

We recommend updating to the latest SQL drivers at the same time. You can obtain the SQL Driver update at: https://www.dataaccess.eu/resources/downloads/download-category/download-subcategory-842?dagapsg=80

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. 

Licensing

The DataFlex WebApp Server can be licensed as a ""per application"" counted server, or as a web client license, whereby the license is charged for a number of Named users.

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases.

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario.
There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.0 (original release date of August 2014) as ZIP file. The ZIP file (DataFlex18.0Update.Zip) contains the two changed components that can be applied to existing installations.

DataFlex WebApp Server

The DataFlex WebApp Server needs to be installed on an IIS web server, to run DataFlex web applications as well as web services. 

Licensing

The DataFlex WebApp Server can be licensed as a ""per application"" counted server, or as a web client license, whereby the license is charged for a number of Named users.