Hi there. The [Heartbleed Bug] is a serious vulnerability in the popular OpenSSL cryptographic software library.
We are using the Docker image on Digital Ocean and attempted to upgrade the host via the typical method:
sudo apt-get update && sudo apt-get upgrade openssl libssl
After that, we did:
/var/docker/launcher destroy app
/var/docker/launcher bootstrap app
/var/docker/launcher start app
However after coming back up, our Discourse installation still appears to vulnerable. Is there something in the Docker image that needs to be updated?
Update: I did a
./launcher ssh app and went in to the Docker image, and noticed that the openssl there was still running an older version, OpenSSL 1.0.1c 10 May 2012. However, from within that Docker ssh session, I couldn’t upgrade it using apt-get. I didn’t want to do anything further to avoid breaking anything.