Update - looks like there’s no exposure to the vulnerability for us. The Debian images we use do not use a vulnerable version of OpenSSL.
Thanks for the patience! John On Jul 10, 2015, at 10:19 AM, John Kinsella <j...@stratosec.co<mailto:j...@stratosec.co>> wrote: Folks - just put up a brief blog post about the latest OpenSSL issue and how that affects CloudStack. Long story short - we think it does, but are verifying that. Hopefully will have an update by the end of the day. https://blogs.apache.org/cloudstack/entry/cloudstack_and_openssl_cve_2015 Will update here and on the blog/twitters as we know more. John
