Recently a serious security vulnerability was discovered in the OpenSSL cryptographic software library. MarkLogic application servers can be configured to use SSL, and MarkLogic uses OpenSSL to provide this capability. A patch to OpenSSL has been released to address this vulnerability, and MarkLogic has built patches for all impacted MarkLogic versions with OpenSSL 1.0.1g to incorporate this new fix.
The following versions of MarkLogic are impacted by this vulnerability:
MarkLogic versions prior to 5.0-5 use an earlier version of OpenSSL that does not have this vulnerability.
How to Patch
We recommend that customers who are using SSL patch their systems immediately. To do this:
If you have any questions about how to patch, feel free to contact firstname.lastname@example.org.
More information about the heartbleed vulnerability can be found at http://heartbleed.com or https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160.
View all posts from David Gorbet on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.Learn More
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.