In case any customers are wondering if Operations Center is affected by the OpenSSL HeartBleed security hole that's been on the news, it is NOT affected. We do NOT use OpenSSL in NOC.
However, we do believe that PostgreSQL does use OpenSSL for secure database connections. Depending on the version of PostgreSQL, version of OpenSSL included, and how it is configured, there may be a vulnerability. Since we do NOT distribute PostgreSQL, it would be up to the customer to update their PostgreSQL implementation IF it were to be susceptible.
What versions of the OpenSSL are affected?
Status of different versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable