OpenSSL Vulnerabilities

The guys over at OpenSSL team have just announced several vulnerabilities relating to all versions of OpenSSL (0.9.8, 1.0.0, 1.0.1 and 1.0.2) earlier today.

Over the last few weeks you may have heard of people referring to one of the more serious of these, the potential man-in-the-middle attack CVE-2014-0224.

Fixed!

We have taken immediate action at CDNify and have deployed the required patch to all of our servers, this means that all CDNify customers are fully protected against all the vulnerabilities listed – You don’t need to do anything.

However, if you use OpenSSL on any of your servers or in your projects, we recommend that you head over to the OpenSSL site and upgrade to the most recent versions.

If you’d like to know more about the man-in-the-middle attack and how it was discovered, then check out this blog post from the person who originally discovered it.