I can't seem to find this information in the software release guides, maybe I missed it somewhere.
Can you upgrade directly from SA 7.1 to 8.0. MAG 4610. I want to ensure I follow the proper upgrade steps.
Also, which versions are OK with regards to Heartbleed.
For upgrade path recommendation, please refer to the release notes: http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/Junos-Pulse-Secur...
It's recommended to upgrade to 7.1R16 first, then upgrade to 8.0. In regards to the latest openssl vulnerabilities, it was confirmed 7.1 is not vulnerable.
Thanks for the quick responses and information. I just found an article that says it may be fixed in 8.0R4.1
Last Update: 10.00 a.m. June 12th 2014 Pacific Daylight Savings.
We are working on the fix for OpenSSL MITM vulnerability (CVE-2014-0224) and below are details of the fix** OR the tentative ETA for the delivery of the fix in each of the versions mentioned:
CVE-2014-0224 SSL/TLS MITM vulnerability
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.
The clients seem to be the main issue