Dear customers,
please find a detailed update on the current situation regarding RabbitMQ and Erlang.
Following the ThreatCon information related to the two components: https://community.bosch-connected-industry.com/nexeed-mes/news/post/cert-advisory---erlang-otp-ssh-daemon-security-bypass-vulnerability-vswsla3FHhDVkVi
BCI has updated and tested the latest versions of both in order to provide a stable version in the field.
Remark: There is no immediate requirement to update since we are not using the functionality of Erlang that was affected by the threat.
Additionally, BCI has prepared a documentation to give the customer the freedom to do a self-update/installation. The docu can be found here: https://inside-docupedia.bosch.com/confluence/x/yJLCYgE (Bosch internal documentation).
In case you do not feel confident doing things on your own, we as BCI are happy to support you. Please get in touch with your application expert
One important hint: we recommend installing separate instances of RabbitMQ per module/usecase and not to overload your single RabbitMQ instances.
The currently supported/tested versions are:
RabbitMQ 4.1.0
Erlang 27.3.4
BCI will regularly test and update the versions and also publish information about it here.