Camel, CXF, Karaf are all written in Java and Java has its own crypto/SSL implementation. There's no dependency on OpenSSL in any of those applications/frameworks.
Of course if you're running Camel/CXF/Karaf on a server that does use OpenSSL for something else (let's say you're running Camel or CXF behind Apache HTTPd with mod_ssl) then you may be affected by this vulnerability since mod_ssl does use OpenSSL. But Camel, CXF, Karaf and ActiveMQ itself don't use OpenSSL. Kind regards, Richard Kettelerij http://richardlog.com On Wed, Apr 9, 2014 at 7:53 PM, bocamel <johnz...@gmail.com> wrote: > We are using Camel (with CXF and Karaf). Does anyone know if we should be > concerned with this new OpenSSL security bug? > > Thanks! > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/Is-Camel-affected-by-the-OpenSSL-heart-bleed-bug-tp5750006.html > Sent from the Camel - Users mailing list archive at Nabble.com. >
