islam.md786 Posted April 15, 2014 Share Posted April 15, 2014 Hi Teodor,This is a very critical urgent issue. So would be nice if you could please reply ASAP.Question : Is Jasper affected by Heartbleed bug (http://heartbleed.com/)?The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).Status of different versions:· OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable· OpenSSL 1.0.1g is NOT vulnerable· OpenSSL 1.0.0 branch is NOT vulnerable· OpenSSL 0.9.8 branch is NOT vulnerableBug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.I would like to know which version of OpenSSL is being used in Jasper? Thanks,Rofikul Link to comment Share on other sites More sharing options...
Solution mgeise Posted April 15, 2014 Solution Share Posted April 15, 2014 JasperReports Server does not actually ship with OpenSSL. It would be library that is on the actual server shipped within the operating system (not within JasperReports Server). If you have OpenSSL installed on your server, you should be able to do a simple update to it to ensure that you are not vulnerable. The following has some information on how to run the update on various operating systems. https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerabilityIf your concern is not about the product, but instead about our websites (jaspersoft.com, community.jaspersoft.com, etc), we updated our OpenSSL version very quickly, within the first day of when heartbleed was announced. We do not feel that any user information has been corrupted, however we recommend that you change your passwords just as recommended by most sites base on this issue. Regularly changing your passwords is always a good practice to improve security. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now