On 1st March a group of security vulnerabilities was announced affecting the "openssl" package which is widely used across the internet.
What does this mean for Delib customers?
One of these issues make it possible to spy on secure connections if outdated SSL is switched on. We already have the affected outdated SSL switched off everywhere and are applying this update to be doubly certain.
Another of these issues makes it theoretically possible to spy on secure connections, but is exceedingly difficult and depends on specific hardware. We are applying this update because we use cloud servers.
An updated version of the package which corrects these issue has now been released so we are applying this to all servers for Delib customers on the morning of the 2nd of March UK time. While we run this update sites may be unavailable for a few minutes (we anticipate no more than 5 minutes). Where possible a standard maintenance page will be shown during this time.
Further technical information is available at https://rhn.redhat.com/errata/RHSA-2016-0301.html.