UPDATE: Connext DDS 5.1 & Heartbleed
Written by Lacey Trebaol
May 5, 2014
The Heartbleed bug is serious, with the potential to expose user passwords and other sensitive information.
The vulnerabilities created by the Heartbleed bug have been identified in certain versions of the OpenSSL cryptographic software library. More information about the bug can be found at www.heartbleed.com.
OpenSSL is used for certain features in RTI Connext DDS such as the Secure WAN and TLS transports. RTI Connext DDS 5.1.0 shipped with a version of OpenSSL that is affected by the Heartbleed bug.
OpenSSL version 1.0.1g addresses the heartbleed bug (see the OpenSSL security advisory here: http://www.openssl.org/news/secadv_20140407.txt). RTI has built and tested OpenSSL version 1.0.1g against RTI Connext DDS 5.1.0 and made it available on the RTI Customer Portal. Any customer who is using RTI Connext DDS 5.1.0 and OpenSSL should replace their existing OpenSSL installation with the new version.
If you are using a different version of RTI Connext DDS, you are not affected by the vulnerability and no action is required.