Since Globus Connect Personal v2.1.3 was included in BCE, I thought I'd pass on this security announcement. The vulnerability sounds fairly low-severity according to the email and I don't think many people are (yet) using GCP in BCE, but it is likely to be more used over time as more people begin using the the Savio DTN. So, upgrading this in whatever your next release might be would be a good.
On May 20th, 2015, a new vulnerability known as “Logjam” was discovered, as described in this
NIST announcement. We reviewed the severity and impact to Globus services and posted the
findings in our support forum. We do not anticipate additional updates on this issue.
The vulnerability was identified and assessed to be of low severity due to the difficulty to complete
an attack. An enhancement was expedited and implemented to prevent the vulnerability in the
future. Please see the forum post for all recommended actions.
In particular, we ask that Globus Connect Personal users (which includes almost all Globus users)
update to the latest version by following the instructions here.
If you have any concerns about this issue, please contact our support team.
Since Globus Connect Personal v2.1.3 was included in BCE, I thought I'd pass on this security announcement. The vulnerability sounds fairly low-severity according to the email and I don't think many people are (yet) using GCP in BCE, but it is likely to be more used over time as more people begin using the the Savio DTN. So, upgrading this in whatever your next release might be would be a good.
Impact of Logjam vulnerability on Globus Services