The OpenSSL cryptographic library, used by GemStone for RPC session logins (client-to-gem connections), has a critical security bug that potentially allows private memory to be exposed to third parties.
More information on this bug can be found at http://heartbleed.com.
While we do not believe this vulnerability is likely to be exposed in GemStone, we strongly recommend users update to the latest OpenSSL version provided by GemTalk Systems.
This bug has been fixed in OpenSSL version 1.0.1g and later. GemStone uses OpenSSL as a shared library which can be replaced with minimal disruption.
Contact GemTalk Technical Support for the latest OpenSSL version for your platform.
Last updated: 8/8/14