Update OpenSSL 1.0.1g

Yesterday, a security patch of OpenSSL 1.0.1g was issued, fixing a pretty critical vulnerability (refered to as CVE-2014-0160).

Once issued, the Clever Cloud support team immediately updated our service with it.

Who's affected?

If you have SSL enabled on Clever Cloud, you have to read the following.

What to do?

Clever Cloud is not vulnerable to this security breach anymore, but we urge you to regenerate SSL keys and re-issue your certificate. Certificate regeneration is not a sufficient solution to protect you completely, you also have to regenerate a new SSL key. If you have any questions related to this security update for your apps hosted on Clever Cloud, feel free to send us an e-mail, our team will keep you informed of future developments.

Which versions of OpenSSL are vulnerable?

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Blog

À lire également

What’s new on Clever Cloud, Q2 2025

Last February, we held the Clever Cloud Fest, two days of meetings and exchanges, punctuated by the announcement of 11 new products. However, it's one thing to talk about innovations, and quite another to bring them to life for our customers.
Company

Why we (finally) built our own managed Kubernetes

At Clever Cloud, we held off for a long time before offering a managed Kubernetes service. Not out of technological reluctance, Kubernetes is a great tool… but it was never designed to make developers’ lives easier.
Company Engineering

What is cloud migration?

Cloud migration represents a strategic step for organisations looking to transform their digital infrastructure.
Engineering