Thanks John!, very useful.

>3. Selecting both modules will probably make the more recent file override the older one, but this is an inherently risky way to go. We really need a new Vfp8Runtime.msm with updated dependencies.
>
>Testing continues ...

I did not try yet, did your tests show good results?


TIA
-Stefan

>>Could somebody with an "in" to Ken Levy please get a response about the GDI+ vulnerability and how it affects VFP ...
>
>(This is a repost from yesterday under 'Installshield' because of my time zone.)
>
>All
>
>Installshield have now put a merge module with the 'safe' GDIPLUS.DLL in it in their public downloads area:
>http://www.installshield.com/downloads/modules.asp?prod=cx&lan=english&xmlUse=y&xmlUse=y&xmlUse=n
>
>The build is 5.1.3102.1355.
>
>Problems:
>
>1. Place in the new module in the C:\Program Files\Common Files\Merge Modules\ folder. It will appear as 'Microsoft GDI+'. Change the module's install location to the VFP location C:\Program Files\Common Files\Microsoft Shared\VFP\.
>
>2. Vfp8Runtime.msm is hard wired to select the (old) module VFP_GDIPlus.msm. It appears as 'GDI Plus Redist Module'. It cannot be de-selected. Physically removing it causes the Installshield build to fail.
>
>3. Selecting both modules will probably make the more recent file override the older one, but this is an inherently risky way to go. We really need a new Vfp8Runtime.msm with updated dependencies.
>
>Testing continues ...
>John Burton