Orion Consulting Limited

Orion Consulting Statement on the 'Heartbleed' Bug


On April 7th 2014, it was announced that some versions of the OpenSSL security software had a severe bug, which could potentially allow sensitive data stored on a server to be revealed to third parties. This is a major bug in a widely used piece of software, which has made national headlines and affected many companies and individuals; a good explanation of the bug is available on the Wikipedia page: http://en.wikipedia.org/wiki/Heartbleed

PathFinder uses the OpenSSL library for all secure communications, as well as certificate handling, encryption, digital signing, etc.

However, we are pleased to say that the version of OpenSSL we currently use pre-dates this bug – in other words, PathFinder is not affected by it.  PathFinder currently uses OpenSSL version 1.0.0a – the bug was not introduced until 1.0.1a.

The developers of OpenSSL released a fixed version of OpenSSL (1.0.1g) on the day the bug was made known (i.e. Monday 7th April). However, we will NOT be upgrading to that version at this time. We have a long-standing policy of deliberately staying on slightly older, stable versions of libraries, particularly critical libraries such as OpenSSL. This is partly the reason we have not been affected by this bug in the first place.  We do not believe that being on a 'bleeding edge' version of the library would bring any benefits, and there is the risk that other instability or bugs could have been introduced.

We will review the versions of OpenSSL on offer when preparing the next major PathFinder release, and will of course have time to make a balanced assessment based on testing at that point.

For now, we remain on version 1.0.0a, which is stable, known, and (once again) not affected by the Heartbleed bug.

If you have any concerns or would like more information, please do not hesitate to contact us.


Tom Reader


Orion Consulting Limited

