I can confirm that we are aware of the issue and working on on a patch. We'll announce here once it's available.
On 04/10/2014 11:20 AM, Michael Blakeley wrote: > The OpenSSL build version is pretty easy to find: > > $ strings ~/Library/MarkLogic/lib/libssl.* | grep -i openssl | head -1 > SSLv2 part of OpenSSL 1.0.1e-fips 11 Feb 2013 > > That's 7.0-2.2 for OSX but I imagine all current releases are the same. With > SSL enabled on a test server, https://github.com/titanous/heartbleeder says: > > $ heartbleeder localhost:8443 > VULNERABLE(localhost:8443) - has the heartbeat extension enabled and is > vulnerable to CVE-2014-0160 > > No doubt MarkLogic is working on new release. > > -- Mike > > On 10 Apr 2014, at 10:31 , Sergio Restrepo <[email protected]> > wrote: > >> Hello, >> >> I have gotten a couple of requests from some of our customers to check on >> heartbleed (http://heartbleed.com/) vulnerability in several of our >> applications. >> >> While we do not use HTTPS in most of our services, the documentation >> (http://docs.marklogic.com/guide/admin/SSL#id_58562) does state MarkLogic >> uses OpenSSL to implement SSL/TLS. >> >> Do you have any insight as to what version of OpenSSL is embedded in >> MarkLogic and if that is vulnerable to heartbleed? >> >> Thanks >> >> SERGIO RESTREPO VP, Architecture >> Yuxi Pacific LLC, 4393 Digital Way Mason, OH 45040 >> [email protected] >> Office: 484-598-3729 >> Skype: yuxi-sergio >> >> >> <image001.png> <image002.png> <image003.png> <image004.png> >> >> <image010.png> >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general -- Wayne Feick Principal Engineer MarkLogic Corporation [email protected] Phone: +1 650 655 2378 www.marklogic.com This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
