April 08, 2014
We have reviewed all Heirloom services for impact for the issue described in CVE-2014-0160 (also known as the Heartbleed bug). Service portals www.elasticcobol.com and www.elpaas.com have been updated. All ELPaaS Linux cloud instances that are started after this date will be protected against CVE-2014-0160.
Heirloom Computing suggests you restart all ELPaaS Software-as-a-Service applications that leverage the https:// portal provided by Heirloom's SSL tunneling service, stunnel. Your SSL certificates need not be regenerated nor stunnel reconfigured through the Web-based file explorer. Simply use the ELPaaS portal Show Instances portlet to terminate those that are running and the Show Data Volumes portlet to Launch Instance of those applications again.
On-premise operation of Elastic COBOL, Elastic Transaction Platform, Elastic Batch Platform and applications built from them are not affected unless you incorporate OpenSSL libraries into them. The Elastic COBOL runtime does not depend on OpenSSL.
See Also: NBC News