Advisory Release Date
Mar 21, 2022
Summary
On March 15, 2022, the OpenSSL Project announced a Denial-of-Service vulnerability that affects all versions of OpenSSL. More information on this vulnerability can be found here:
https://www.openssl.org/news/secadv/20220315.txt
All LightWave & SOAPam products released prior to March 15, 2022, use vulnerable versions of OpenSSL. The vulnerability affects TLS connections when Elliptical Curve (ECC) certificates are in use. By default, LightWave & SOAPam products use RSA certificates which are not affected, but it is possible to install an ECC certificate from an external provider.
Status
As of March 21, the default GA downloads for the latest LIghtWave & SOAPam product releases have been upgraded to the latest OpenSSL release 1.1.1n. Note that the update is only for the latest product releases If you would like a hotfix prepared another supported release, please open a support case.