Expressway Heartbleed Update
I wanted to send out a quick update on our progress in addressing the Heartbleed vulnerability.
- On April 7th an OpenSSL advisory was published that identified the “heartbleed” bug, identified as (CVE-2014-0160)
- As soon as the news was available, the Expressway engineering team began a rapid investigation to determine which versions of Expressway Service Gateway and Expressway Tokenization Broker might be affected.
- By 9PM CDT on April 9th patches were made available and published along with a customer notification for the most widely deployed Expressway Service Gateway and Expressway Tokenization Broker versions – R3.4, R4.5 and R5.1
- Patches for the remaining versions (R5.5 and R6.1) were made available by 2PM CST on April 10th.
- Expressway versions older than R3.4 are not affected by the heartbleed bug. In addition, the Intel® Expressway API Management Portal is also not affected by heartbleed.
If you have further questions or concerns, please feel free to reach out to your Intel Expressway support representative. Additional information is available through our support portal as well.