"Heartbleed exploit" ?


Is there any plan to update the version of OpenSSL? That is to say, more specifically, should a person be concerned with this message?

I used the latest “tagged” docker version, 1.3.1. I see this message in the log:

W0320 22:31:40.250135 main.cpp:1297] Orthanc version: 1.3.1
W0320 22:31:40.251901 OrthancInitialization.cpp:162] Scanning folder “/etc/orthanc/” for configuration files
W0320 22:31:40.251990 OrthancInitialization.cpp:114] Reading the configuration from: “/etc/orthanc/orthanc.json”
W0320 22:31:40.252660 FromDcmtkBridge.cpp:199] Loading the embedded dictionaries
W0320 22:31:40.271114 FromDcmtkBridge.cpp:2075] Registering JPEG Lossless codecs in DCMTK
W0320 22:31:40.271221 FromDcmtkBridge.cpp:2080] Registering JPEG codecs in DCMTK
W0320 22:31:40.278510 main.cpp:670] Loading plugin(s) from: /usr/share/orthanc/plugins
W0320 22:31:40.278935 main.cpp:670] Loading plugin(s) from: /usr/local/share/orthanc/plugins
W0320 22:31:40.279536 PluginsManager.cpp:269] Registering plugin ‘serve-folders’ (version 1.3.1)
W0320 22:31:40.280113 PluginsManager.cpp:168] ServeFolders: Empty configuration file: No additional folder will be served!
W0320 22:31:40.280548 PluginsManager.cpp:269] Registering plugin ‘worklists’ (version 1.3.1)
W0320 22:31:40.280635 PluginsManager.cpp:168] Sample worklist plugin is initializing
W0320 22:31:40.281075 PluginsManager.cpp:168] Worklist server is disabled by the configuration file
W0320 22:31:40.281240 OrthancInitialization.cpp:998] SQLite index directory: “/var/lib/orthanc/db”
W0320 22:31:40.281969 OrthancInitialization.cpp:1068] Storage directory: “/var/lib/orthanc/db”
W0320 22:31:40.387665 HttpClient.cpp:686] HTTPS will use the CA certificates from this file: /etc/orthanc/
W0320 22:31:40.388404 ServerScheduler.cpp:135] The server scheduler has started
W0320 22:31:40.388797 LuaContext.cpp:103] Lua says: Lua toolbox installed
W0320 22:31:40.388896 ServerContext.cpp:182] Disk compression is disabled
W0320 22:31:40.388957 ServerIndex.cpp:1403] No limit on the number of stored patients
W0320 22:31:40.388982 ServerIndex.cpp:1420] No limit on the size of the storage area
W0320 22:31:40.389908 main.cpp:862] DICOM server listening with AET ORTHANC on port: 4242
W0320 22:31:40.390055 MongooseServer.cpp:927] This version of OpenSSL is vulnerable to the Heartbleed exploit
W0320 22:31:40.390195 MongooseServer.cpp:1075] HTTP compression is enabled
W0320 22:31:40.395183 main.cpp:795] HTTP server listening on port: 8042
W0320 22:31:40.395244 main.cpp:682] Orthanc has started


This message can be safely ignored, as long as you run Orthanc behind an nginx/Apache/IIS proxy to implement HTTPS encryption.

We also have plans to implement a much lighter set of Docker images, by statically linking against all the third-party components of Orthanc, which will allow us to finely control the versions of these components (and possibly provide hotfixes if need be). This is planned for after the forthcoming 1.3.2 release.
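Added example (not part of the thread and not Orthanc project code): a small Python triage that scans an Orthanc startup log for the warning quoted in the question and pairs it with the `SslEnabled` option of orthanc.json, following the condition given in the reply above. The function names and verdict labels are made up for illustration; the sample lines are copied from the log in the question.

```python
import re

# glog-style line as printed by Orthanc: severity, MMDD, time, file:line] message
LINE_RE = re.compile(
    r"^(?P<sev>[IWEF])(?P<date>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<src>[\w.]+):(?P<line>\d+)\] (?P<msg>.*)$"
)
HEARTBLEED_MSG = "vulnerable to the Heartbleed exploit"
HTTP_PORT_RE = re.compile(r"HTTP server listening on port: (\d+)")

# Excerpt of the startup log posted in the question.
SAMPLE_LOG = """\
W0320 22:31:40.250135 main.cpp:1297] Orthanc version: 1.3.1
W0320 22:31:40.390055 MongooseServer.cpp:927] This version of OpenSSL is vulnerable to the Heartbleed exploit
W0320 22:31:40.395183 main.cpp:795] HTTP server listening on port: 8042
"""

def parse_log(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def triage(log_text, config):
    """Combine the startup log with orthanc.json settings into a verdict."""
    records = list(parse_log(log_text))
    flagged = [r for r in records if HEARTBLEED_MSG in r["msg"]]
    ports = [int(m.group(1)) for r in records
             if (m := HTTP_PORT_RE.search(r["msg"]))]
    result = {"warning_seen": bool(flagged), "http_ports": ports,
              "source": flagged[0]["src"] if flagged else None}
    if not flagged:
        result["verdict"] = "no-warning"
    elif config.get("SslEnabled", False):
        # The embedded HTTP server terminates TLS itself with the flagged OpenSSL.
        result["verdict"] = "act: embedded HTTPS uses flagged OpenSSL"
    else:
        # Matches the reply's condition. The log cannot prove that a proxy
        # really fronts the listed port; confirm that on the host.
        result["verdict"] = "ok-if-proxied: terminate TLS in nginx/Apache/IIS"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, {"SslEnabled": False}))
```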


Great news, thank you!