The Protection PLUS 5 SDK version 220.127.116.11 release updates PLUSNative libraries to use OpenSSL 1.0.2d, which fixes a high-severity flaw in OpenSSL. The only Protection PLUS 5 SDK release affected by this OpenSSL flaw is 18.104.22.168, which was released on July 6th, 2015. Prior releases of Protection PLUS 5 SDK did not use versions of OpenSSL that were affected by this flaw. Protection PLUS 5 SDK .NET Edition is NOT affected.
The Protection PLUS 5 SDK version 22.214.171.124 release is only for the following (affected) editions:
- Protection PLUS 5 SDK Native Edition
- Protection PLUS 5 SDK Android Edition
- Protection PLUS 5 SDK Java Edition
- Protection PLUS 5 SDK LabVIEW Edition
If your licensed application uses the dependency-free builds of the PLUSNative static libraries, then upgrading to version 126.96.36.199 is not required. However, it is very important that you ensure the version of OpenSSL your application(s) link is either not affected or is patched as soon as reasonably possible.
Direct impact on Protection PLUS 5 SDK is mitigated through the use of our own layer of encryption and digital signatures. Consequently, the primary reason for a prompt patch is to mitigate the potential for impact in licensed applications that use OpenSSL for other transmissions.
For more details, please read the release notes.