Recently a serious security vulnerability was discovered in the OpenSSL cryptographic software library. MarkLogic application servers can be configured to use SSL, and MarkLogic uses OpenSSL to provide this capability. The following versions of MarkLogic are impacted:
* MarkLogic 5.0-5 through 5.0-6 * All versions of MarkLogic 6.0 (6.0-1 through 6.0-5) * All versions of MarkLogic 7.0 (7.0-1 through 7.0-2.2), including the MarkLogic AMIs MarkLogic versions prior to 5.0-5 use an earlier version of OpenSSL that does not have this vulnerability. We are currently building and testing patches to address this vulnerability, and will be posting these patches as they become available at http://developer.marklogic.com. We'll update you when these patches become available. More information about the heartbleed vulnerability can be found at http://heartbleed.com or https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160. n David David Gorbet VP Engineering MarkLogic Corporation email [email protected]<mailto:[email protected]> web www.marklogic.com<http://www.marklogic.com/> Join us on the MarkLogic World Tour<http://world.marklogic.com/>.
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
