The "Heartbleed" OpenSSL bug and ROOL

Software-minded members of the ROOL community may have heard of the recent OpenSSL vulnerability called “Heartbleed”:

• http://en.wikipedia.org/wiki/Heartbleed

This is a critically serious vulnerability. Fortunately, ROOL was not at any time using an affected version of the OpenSSL library in its production servers. I have nonetheless patched the server up to the most recent release including fixes that might be relevant were we to use certain features of our server infrastructure which currently lie idle – it’s a “just in case” measure.

While I have no doubt that our infrastructure will contain security issues – all infrastructures do! – I currently don’t know of any specific serious vulnerabilities and I have no reason to recommend that anyone changes their ROOL account password at this time.

Re. https://www.riscosopen.org/forum/forums/5/topics/2521 ;-)