On May 20th, 2015, a new vulnerability known as “Logjam” was discovered, as described in this NIST announcement. We reviewed the severity and impact to Globus services and posted the findings in our support forum. We do not anticipate additional updates on this issue.
The vulnerability was identified and assessed to be of low severity due to the difficulty to complete an attack. An enhancement was expedited and implemented to prevent the vulnerability in the future. Please see the forum post for all recommended actions.
In particular, we ask that Globus Connect Personal users (which includes almost all Globus users) update to the latest version by following the instructions here.
If you have any concerns about this issue, please contact our support team.