July 1, 2014
New OpenSSL vulnerabilities = New SpiderOak client
On June 5, a new set of vulnerabilities were disclosed in OpenSSL.
Everybody should update to either 0.9.8za or 1.0.1h, regardless of how you use it. This set of bugs affect both server side and client side software in quite interesting ways, but we’ll leave the gory details for another time.
The important point today is that we’ve updated all of our servers as soon as we heard the news, and we promptly started working on a new release for the SpiderOak desktop client.
We are a lot farther away from June 5 than we would want. Luckily the set of vulnerabilities released, along with how the SpiderOak desktop client works, doesn’t make this a blocker. But we’ve already figured out how to improve the release process for the next set of (still unknown) OpenSSL vulnerabilities.
Please be sure to click here and download the latest client for your platform.
We are living in an interesting time. Even though it might seem a bit frightening to need to update such key pieces of software so frequently, the important side of this is that the core of the internet is getting safer and more robust.
Sign up for updates on our blog below, so you can stay up to date and as secure and private as possible.