ByWater Servers Unaffected by Heartbleed

by Larry Baerveldt on Apr 10, 2014

Some of you may have read about a recent security bug that was discovered in the OpenSSL application, commonly used on many servers on the Internet known as Heartbleed.

I just wanted to let you know that ByWater servers are unaffected by this bug. The only vulnerable versions are 1.0.1 and 1.0.2-beta1, and we are not on either of those versions.

Those of you who locally host, and are on Debian Squeeze (6.0.x) should also not be affected by this bug. However, those of you on Ubuntu *may* be affected, if you also use SSL certificates for secure web sites (i.e. https access). Those of you in that situation should contact your local IT about upgrading OpenSSL to the latest version.

For those of you who locally host your Koha installation, and are either using Ubuntu or Debian Wheezy (7.x), you can test your site’s vulnerability by going here, https://lastpass.com/heartbleed, and entering your catalog URL.