OpenSSL Heartbleed Security Update
After the announcement on Monday 7th April 2014, the team began investigating the level of potential risk to our hosted systems and on-premise software.
Since SkySQL.com and MariaDB.com use OpenSSL in its platforms it was deemed necessary to immediately update all platforms with the recommended security patches.
Please be assured that our online systems are no longer at risk from this vulnerability.
We recommend that all users of SkySQL and MariaDB online services update their passwords are their earliest convenience.
MariaDB binaries including MariaDB Galera Cluster on Linux and other non-Windows platforms are dynamically linked with OpenSSL, which makes MariaDB as vulnerable as the underlying system OpenSSL itself is if SSL support for MariaDB has been enabled (disabled by default). You can easily check if it has been by running the command "show variables like 'have_ssl';".
Windows binaries use yaSSL and are therefore not affected by the vulnerability.
In all cases the platform that MariaDB or MariaDB Galera Cluster is run on should should be checked for OpenSSL and the version of OpenSSL. In case a vulnerable version of OpenSSL is found it should be upgraded to a safe version and it's recommended to change all user passwords.
MaxScale, the intelligent proxy for MySQL and MariaDB also makes use of OpenSSL. OpenSSL is dynamically linked to MaxScale, so also in case you're using MaxScale make sure to upgrade OpenSSL. MariaDB Manager doesn't make use of OpenSSL.
We are dedicated to resolving security issues promptly, while remaining open and honest with our customers.
Please check back often and if you require assistance please contact firstname.lastname@example.org