Wednesday, April 9, 2014

The SSL Heartbleed bug: UPDATE NOW!

The OpenSSL "Heartbleed Bug (CVE-2014-0160)" (see https://www.openssl.org/news/secadv_20140407.txt), as it is being called, is a serious security hole in the Secure Sockel Layer (SSL) used for sending private documents over the internet. This bug is fixed for Allegro CL by our recent SSL module update. This update affects Windows and UNIX ports of Allegro CL and AllegroGraph.
Some background: the ACL SSL module has some glue code that sits between the OpenSSL library and Allegro CL (and any app that is built upon Allegro CL, including AllegroGraph). On UNIX, this glue code statically links with the OpenSSL libraries. On Windows, we dynamically link to the installed OpenSSL libraries on the system.
Visit the Franz Tech Corner for more details
http://franz.com/support/tech_corner/heartbleed040914.lhtml