Hi all:
I’m releasing a new minor version of Reddcoin wallets which uses the latest OpenSSL 1.0.1g with fix for Heartbleed security bug.
The source code release on github can be found here.
Binaries for different platforms will be provided shortly. However, if you have always used provided binary wallets, most likely you are not exposed so you can afford to wait for a few hours. Don’t panic!
- I want to build my wallet from the source code release. What should I do?
Make sure your installed OpenSSL is upgraded to 1.0.1g and then compile the wallet as before.
- Is my wallet compromised? Have I lost coins?
If you are not running the wallet in daemon mode with RPC + TLS, most likely no. All bitcoin + altcoin wallets use OpenSSL for encrypted connection to the built-in RPC server. If you are just a normal user, Heartbleed bug should not affect you.
- I’m a pool owner / exchange owner / developer, is my wallet compromised?
Yes and no. If you ever query the RPC server in wallet daemon, you should always use its configuration file to specify the short list of IP addresses that are allowed. You should never run your wallet daemon with open RPC port on a public server for everyone to access or attempt to access. In any case, the fix is much more relevant to you and upgrade now.
- Will there be a fork?
No. Wallet 1.1.3.2 is fully backward-compatible with 1.1.3.1 and 1.1.3.
- Does every crypto-currency require a fix?
Yes and I’m glad we are one of the very first few coins which have released the wallet fix for Heartbleed.
Regards
laudney
UPDATE: All binaries (Windows, Linux, Mac) are now available. Use the links in the side bar.