Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17610

Vulnerable OpenSSL version used in Windows build

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Works as Designed
    • 3.0.1
    • None
    • Security
    • None
    • Windows
    • BUILD 0 3/13/15, BUILD 1 04/03/15

    Description

      I just downloaded the "win32/mongodb-win32-x86_64-2008plus-ssl-v3.0-latest.zip" from the build archive, extracted the server and started it.

      According to the log it is version "db version v3.0.1-rc1-pre-"

      In the log output I noticed the output
      "OpenSSL version: OpenSSL 0.9.8r 8 Feb 2011"

      I hope this is a joke. I just don't want to know how many known vulnerabilities are included in this version. I assume at least one will be relevant for Mongo!

      Attachments

        Issue Links

          related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-17368 Create windows SSL zip file with OpenSSL files

          • Minor - P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              jonathan.reams@mongodb.com Jonathan Reams
              mango Jan S.
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: