Earlier this week the OpenSSL Heartbleed Bug was announced. The list below details how this affects Zumero for SQL Server (ZSS).

  • The ZSS Server uses IIS which does not use OpenSSL. It is not vulnerable to the Heartbleed bug.
  • The only potentially affected platform in the ZSS Client SDK is Android, which bundles a copy of OpenSSL that is used only for client-side access. In the ZSS 1.3 release, the bundled OpenSSL is upgraded to 1.0.1g.