Hi folks,
I'm pretty sure most of you have heard, or read by now,
but I'd still like to put it out there for completeness.
There's a newly discovered OpenSSL Bug. It affects new
versions of OpenSSL 1.0.1 through 1.0.1f, which implement
the heartbeat extension. The bug has been nick-named
heart-bleed, and there's a complete write-up here:
http://heartbleed.com/
If you are using Traffic Server as SSL end-point *or*
as client with these vulnerable versions of OpenSSL, we
highly urge you to upgrade your OpenSSL library[1]. If you
are using it as SSL end-point, we additionally advise
you to roll out new private keys and re-issue certificates.
Thank you very much, and stay safe,
-- The Apache Traffic Server Team.
[1]: This has hopefully been handled by your OS vendor already
