The recently-discovered "Heartbleed" security vulnerability
in OpenSSL may affect some users of qpid.
What is *not* affected:
* The qpid c++ broker does not use OpenSSL internally.
It uses NSS.
What may be affected:
* The native python qpid.messaging client.
It uses OpenSSL "under the covers".
* proton's built in ssl support, used by messenger and
dispatch router, uses openssl (on linux).
Not all versions of OpenSSL are affected. You should check
the version your installations are using, and compare to
affected versions listed at www.openssl.org .
Please look at https://www.openssl.org/news/secadv_20140407.txt
for advice on minimum immediate actions.
You may also want to consider whether certs, passwords, or
other sensitive information may have been compromised.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
