These Forums Have Moved
The Komodo forums have moved to a new home at community.komodoide.com, please head over there to post your topics!
Note that the new forums are a fresh start - you will have to register a new account.
- Community |
- Code |
- Docs |
- Downloads ▼ |
- more ▼
Heartbleed vulnerability and Stackato
Posted by jamesf
on 2014-04-09 07:59
Question:
Is Stackato vulnerable to the Heartbleed bug? How can I patch Stackato?
Answer:
Stackato is vulnerable to the Heartbleed bug. You can patch your system by running "kato patch install heartbleed-fix". This patch will install updated OpenSSL libraries on both the host VM and inside the container templates. Most apps won't need to be redeployed, but some may depending on the app and how SSL is used. We advise you test your app (see tools below) after applying the patch to determine if redeploying the app is necessary.
A patch is also available for Stackato 2.10.4 here:
https://get.stackato.com/patch/2.10/stackato-2.10.4-heartbleed.sh
If you have any questions please contact ActiveState support.
More info:
http://heartbleed.com/
http://filippo.io/Heartbleed/
https://gist.github.com/sh1n0b1/10100394
https://github.com/titanous/heartbleeder
- Login to post comments
Stackato clients earlier than v3.0.8 may be vulnerable to client-side attacks, please ensure you have updated your Stackato CLI to the latest version as well.