There was an OpenSSL security exposure that affects the node.js runtime in Bluemix. This was fixed in an update to IBM's node.js version 0.10.28, which is embedded in the latest Bluemix node.js buildpack (v1-20140617-2114). It was also fixed in the open source version of node.js 0.10.29.
We recommend that all existing node.js apps be repushed using this latest buildpack (v1-20140617-2114). You can issue “cf buildpacks” to check the available buildpack versions.
If you specify a version range for the node.js runtime of your application, such as 0.10.x, it will be resolved to 0.10.29, which means you will be running with the OSS version of the node.js runtime. To run on the IBM-supported version, specify the node.js runtime version explicitly as 0.10.28. We plan to adjust the default node.js version resolving scheme after eGA to prefer the IBM-supported version as appropriate.
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
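The check below is an added example, not code from the original advisory: it compares an OpenSSL version string against the fixed releases listed above (0.9.8za, 1.0.0m, 1.0.1h), handling the letter-suffix ordering in which "za" sorts after "z". The function names are hypothetical; `process.versions.openssl` is the version of OpenSSL that the running node.js binary reports.

```javascript
// Fixed release letter per branch, taken from the advisory text above.
const FIXED = { '0.9.8': 'za', '1.0.0': 'm', '1.0.1': 'h' };

// OpenSSL patch letters order as "" < a < ... < z < za < zb ...,
// so a longer suffix is always newer; equal lengths compare alphabetically.
function compareLetters(a, b) {
  if (a.length !== b.length) return a.length - b.length;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Split "1.0.1g" into branch "1.0.1" and letters "g".
// Trailing tags such as "-fips" or "-beta1" are ignored.
function parseOpenSSLVersion(v) {
  const m = /^(\d+\.\d+\.\d+)([a-z]*)/.exec(String(v).trim());
  return m ? { branch: m[1], letters: m[2] } : null;
}

// Returns a status for one version string:
//   'patched'     - at or above the fixed release for its branch
//   'upgrade'     - below the fixed release for its branch
//   'not-covered' - branch has no fixed release listed in the advisory
//   'unparseable' - not an OpenSSL-style version string
function checkOpenSSL(v) {
  const p = parseOpenSSLVersion(v);
  if (!p) return { version: v, status: 'unparseable' };
  const fixed = FIXED[p.branch];
  if (fixed === undefined) return { version: v, status: 'not-covered' };
  const ok = compareLetters(p.letters, fixed) >= 0;
  return {
    version: v,
    status: ok ? 'patched' : 'upgrade',
    fixedIn: p.branch + fixed,
  };
}

// Report on the OpenSSL bundled with the running node.js binary.
console.log(checkOpenSSL(process.versions.openssl));
```

Run it inside the deployed application (for example at startup) so that the result reflects the runtime the buildpack actually resolved, not the one on a developer machine.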