Today OpenSSL announced a total of 14 new vulnerabilities in versions 0.9.8, 1.0.0, 1.0.1, and 1.0.2 of the OpenSSL software.
Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global release of the updated software across Fastly’s network. We anticipate no customer impact or configuration changes.
We also encourage you to update to the latest versions of OpenSSL in your own TLS clients and servers.
Thanks to the developers of OpenSSL and the individuals who helped report and coordinate the release of today’s vulnerabilities. Please feel free to contact us with questions or concerns.