Core Server / SERVER-17610

Vulnerable OpenSSL version used in Windows build

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: 3.0.1
    • Component/s: Security
    • Labels: None
    • Windows
    • BUILD 0 3/13/15, BUILD 1 04/03/15

      I just downloaded the "win32/mongodb-win32-x86_64-2008plus-ssl-v3.0-latest.zip" from the build archive, extracted the server and started it.

      According to the log it is version "db version v3.0.1-rc1-pre-"

      In the log output I noticed the output
      "OpenSSL version: OpenSSL 0.9.8r 8 Feb 2011"

      I hope this is a joke. I just don't want to know how many known vulnerabilities are included in this version. I assume at least one will be relevant for Mongo!

            Assignee:
            jonathan.reams@mongodb.com Jonathan Reams
            Reporter:
            mango Jan S.
            Votes:
            0
            Watchers:
            12