Heartbleed bug and Zend Server

With recent news of the Heartbleed bug and its associated vulnerability in the OpenSSL library, here is what you need to know about how it affects Zend Server:

On Linux systems, Zend Server uses the OpenSSL library provided by the operating system.  Zend Server does not need to be updated, but please ensure your Linux system is properly updated so all services using OpenSSL (including Zend Server as well as potentially many others) are secure. If you have been using a vulnerable version of OpenSSL (1.0.1 through 1.0.1f inclusive) we highly recommend updating your security keys and passwords after updating the library.

On Windows, IBM i, and Mac OS X systems Zend Server uses OpenSSL 0.9.8, which is unaffected by this vulnerability.

If you have any questions, please don’t hesitate to contact Zend Support.

The following two tabs change content below.

Zeev Suraski

Latest posts by Zeev Suraski (see all)

  • Jun

    But it is tagged as “built in” for OpenSSL at the column of zend server features. I have upgraded open ssl in my CentOS. But it still shows vulnerable when heartbleed checks

    • Lior Kaplan

      Hi, I’m part of Zend’s Linux integration team. Could you provide us the technical details for the test you’ve used so I could check it as well?

      Please let me know which ZendServer version, Centos version and architecture, and what test did you run. Also the version of your openssl package.

      Thanks,

      Lior Kaplan
      lior.k@zend.com