OpenSSL vulnerabilities were disclosed on November 2, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. A vulnerability was disclosed in October 2017 by the Node.js project. IBM SDK for Node.js has addressed the CVE. However, a user action is needed to update your instances. For more information, see the security bulletin.