|
The Heartbleed vulnerability has been widely published as a major threat to all websites. As an application, ExtraView itself does not ship with the OpenSSL software that contains the "Heartbleed" security vulnerability. However, other components you have installed may use OpenSSL. Here's how it might affect you, with your ExtraView installation.
Self-hosted Customers
When ExtraView is installed within your own server environment, you also install several oher software components, such as Java, a database, a web server and an application server. The most common web server used with ExtraView is Apache. If you decided to implement SSL as part of your web server software, you might have used the version of OpenSSL that contains the Heartbleed vulnerability.
You can check whether your installation is at risk, by using a test, such as the one available at http://filippo.io/Heartbleed. If it appears by using this test that your site is vulnerable, we recommend upgrading to the latest version of OpenSSL immediately.
Users of ExtraView's Cloud Servers
Your installation within ExtraView's cloud servers has never used the version of OpenSSL that contains the Heartbleed vulnerability. ExtraView Corporation continues to be vigilant in protecting your data.
General
ExtraView Corporation recommends that you routinely and regularly review the software installed as part of all your installations. You should update and upgrade all components as frequently as possible. This gives you access to all the latest features, and ensures you have all the latest bug fixes, including those that address potential security issues.
If you have questions or concerns, please contact ExtraView Support.
|
