The subject says it all, or rather asks it all. Does the application server it is distributed with use openssl, and if so, is the version vulnerable to heartbleed? And, if it is to old to be vulnerable, what other exploits is it vulnerable to? What would be required to eliminate that vulnerability?
I have patched my OpenSuse systems so that the system openssl is no longer vulnerable, but I wouldn't know how to ensure ofbiz uses that. I have already patched all the servers I use for heartbleed (a couple days' work), so now I turn my attention to this. Thanks Ted -- R.E.(Ted) Byers, Ph.D.,Ed.D.
