According to heartbleed.com, the OpenSSL cryptographic software library, also in use by ISL Online, has a serious vulnerability called the Heartbleed bug. Uncovered by a team of security engineers from Codenomicon and Google Security, the weakness allows attackers to steal information typically protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug was introduced to OpenSSL in December 2011, and has been in the wild since version 1.0.1 was released in March 2012. The fixed version 1.0.1g was launched on Monday, 7 April.
The affected version of OpenSSL 1.0.1c is used in the versions of ISL Conference Proxy from 3.5.0 – 3.5.6. However, on 8 April 2014 ISL Online released a new version of ISL Conference Proxy 3.5.7 with the Heartbleed Bug fix. The new version of ISL Conference Proxy 3.5.7 was immediately deployed to our ISL Cloud Network of servers and our SaaS (Hosted Service) users were automatically shifted to use the safe fixed version. Hosted Service users thus don’t need to do anything as they are already using the new software with the OpenSSL Heartbleed Bug fixed.
IMPORTANT (Server License)
Server License users, on the other hand, should check which version of the ISL Conference Proxy they are running. If they are running ISL Conference Proxy from 3.5.0 to 3.5.6 we highly recommend upgrading to the versions 3.5.2a or 3.5.7.
If you have any questions regarding the Heartbleed Bug issue and need some guidance to deploy the new ISL Conference Proxy 3.5.7, please feel free to contact us anytime.