Multiple OpenSSL Vulnerabilities Update
As you may be aware, on March 19th the OpenSSL team disclosed multiple vulnerabilities affecting all current releases of the OpenSSL cryptographic library used by many application delivery providers including Instart Logic (https://www.openssl.org/news/secadv_20150319.txt).
Instart Logic closely tracks the disclosure of security issues that may affect our software-defined application delivery (SDAD) service and evaluates each report on a case by case basis to determine whether we are affected, and what remediation actions may be needed.
Our review of the announced OpenSSL vulnerabilities indicates that while most are not a concern for our service (due to a combination of the version we use and our unique configuration), one of the vulnerabilities may open up the possibility of a denial of service attempt. As a result we are currently in the process of rolling out an updated version of the OpenSSL library across our service.
We would also strongly encourage customers to evaluate their origin servers to determine whether OpenSSL is in use and apply the appropriate updates where applicable. Please contact Instart Logic Support at firstname.lastname@example.org or via phone at 1.888.576.3166 or +1.650.919.8854 with any questions.