Heartbleed bug and Zend Server

With recent news of the Heartbleed bug and its associated vulnerability in the OpenSSL library, here is what you need to know about how it affects Zend Server:

On Linux systems, Zend Server uses the OpenSSL library provided by the operating system.  Zend Server does not need to be updated, but please ensure your Linux system is properly updated so all services using OpenSSL (including Zend Server as well as potentially many others) are secure. If you have been using a vulnerable version of OpenSSL (1.0.1 through 1.0.1f inclusive) we highly recommend updating your security keys and passwords after updating the library.

On Windows, IBM i, and Mac OS X systems Zend Server uses OpenSSL 0.9.8, which is unaffected by this vulnerability.

If you have any questions, please don’t hesitate to contact Zend Support.

The following two tabs change content below.

    Zeev Suraski

    Zeev Suraski is CTO and VP of engineering at Rogue Wave Software, leading the Zend research and development teams. One of the principal authors of the PHP programming language, Zeev’s involvement with PHP dates back to 1997 when he co-created the foundation for PHP 3 - the first version of PHP that resembles modern PHP. Zeev later spearheaded the PHP 4 project - which made PHP the most popular development language in the world for web apps, contributed to PHP 5, and is to blame for the sixth version of PHP being named PHP 7. Zeev co-founded Zend Technologies (later acquired by Rogue Wave) in 1999. He holds a bachelor's degree in computer science from the Technion, Israel Institute of Technology.

    About Zeev Suraski

    Zeev Suraski is CTO and VP of engineering at Rogue Wave Software, leading the Zend research and development teams. One of the principal authors of the PHP programming language, Zeev’s involvement with PHP dates back to 1997 when he co-created the foundation for PHP 3 - the first version of PHP that resembles modern PHP. Zeev later spearheaded the PHP 4 project - which made PHP the most popular development language in the world for web apps, contributed to PHP 5, and is to blame for the sixth version of PHP being named PHP 7. Zeev co-founded Zend Technologies (later acquired by Rogue Wave) in 1999. He holds a bachelor's degree in computer science from the Technion, Israel Institute of Technology.

    • Jun

      But it is tagged as “built in” for OpenSSL at the column of zend server features. I have upgraded open ssl in my CentOS. But it still shows vulnerable when heartbleed checks

      • Lior Kaplan

        Hi, I’m part of Zend’s Linux integration team. Could you provide us the technical details for the test you’ve used so I could check it as well?

        Please let me know which ZendServer version, Centos version and architecture, and what test did you run. Also the version of your openssl package.

        Thanks,

        Lior Kaplan
        lior.k@zend.com