By now you’ve probably heard of a security issue called Heartbleed, a bug that allows anyone on the Internet access to read the memory of systems protected by the vulnerable versions of OpenSSL software.
We share your concern for security and privacy and wanted to update you on how this relates to IGUANA. As soon as we found out about the Heartbleed bug, we (iNTERFACEWARE) moved quickly to address and fix the issue – like so many other software and service providers.
The vast majority of IGUANA instances aren’t publicly accessible; we have no evidence the Heartbleed vulnerability was used to compromise any instance. Affected versions of OpenSSL were in use within IGUANA’s secure communication components, so a patch has been applied and the removal of the vulnerability has been confirmed with the release of IGUANA 5.6.5.
What You Should Do
To ensure that you’re protected from the Heartbleed bug, we strongly recommend you upgrade to the latest version — IGUANA (5.6.5). To learn about other additions and fixes in this release please see the complete change log.