Great question! These OpenSSL updates will be part of our next maintenance release. Based on known usages of OpenSSL within Splunk, OpenSSL TLS protocol downgrade attack (CVE-2014-3511) is the main risk. We are working on the next maintenance releases and will issue updated security advisories. In the meantime, keep an eye on Splunk Product Security Portal for additional updates and announcements.
... View more