UPDATE: Heartbleed Patch Applied to All DuraSpace Services and Websites

Thu, 2014-04-17 14:08 -- carol

Dear DuraSpace Services, Wiki, JIRA and Website Users,

Winchester, MA  As you know a vulnerability in OpenSSL, which has been named “Heartbleed”, was detected earlier this month.

“Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet's Transport Layer Security (TLS) protocol. This vulnerability results from a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension, the heartbeat being why the vulnerability got its name. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed.” [1]

The Heartbleed patch (a fixed version of OpenSSL) was applied to all DuraSpace services and websites on April 8, 2014 including:

• DuraCloud
• DSpaceDirect
• DuraSpace Wiki
• DuraSpace.org
• DSpace.org
• FedoraRepository.org
• DuraCloud.org

[1] Wikipedia, http://en.wikipedia.org/wiki/Heartbleed