CodeIgniter Forums

Full Version: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Ok as the title says.

What I want to know is is this something we as CI users have to be worried about?

If so, are there plans by the CI dev's to provide a fix or workaround?

I have a major web application in progress on CI and do not want to release it if this is an issue, at least not releasing it until there is a fix.
Heartbleed is a bug in OpenSSL. It has nothing to do with CI. What makes you think CI is affected by this?
reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.
(12-14-2014, 06:45 AM)Hobbes Wrote: [ -> ]reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.

Exactly, it requires external libraries on your web server. Those are not part of CodeIgniter so there's nothing to fix in CI. You need to make sure your server run the latest version of OpenSSL (or at least the one with the bug fixed).
Thanks hate. I will check with my server techs and make sure we have the fixed version of openssl.

I just wanted to make sure is all. Thanks for the info