Thursday, Apr 10, 2014

FFIEC and Heartbleed 

FFIEC issued a press release today regarding the Heartbleed vulnerability in OpenSSL...

The vulnerability has been in the wild for 2 years, since the release of OpenSSL 1.0.1 beta and up, and is patched in 1.0.1g.

http://www.ffiec.gov/press/pr041014.htm

The OpenSSL Security Advisory was issued on April 7, 2014.

https://www.openssl.org/news/secadv_20140407.txt 

And the Tor Project summed it up with its blog post...

Ars Technica's Dan Goodin has a well-written article out on 4/8/2014 giving us more information on the defect. Check out Dan's article here...

History: 

 v0.9.8 / July 5, 2005 

 v1.0.0 / March 29, 2010 

 v1.0.1 / March 14, 2012

 Successor of 1.0.0h 

 Supports TLS v1.2 

 SRP support 

 TLS "Heartbeat" RFC 6520 / February 2012 

 TLS is based on reliable protocols, but there is not necessarily a feature available to keep the connection alive without continuous data transfer. The Heartbeat Extension as described in this document overcomes these limitations. The user can use the new HeartbeatRequest message, which has to be answered by the peer with a HeartbeatResponse immediately.

 v1.0.1g - Now available 

 v1.0.2 - in beta release, coming soon. 
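
The HeartbeatRequest/HeartbeatResponse exchange quoted from RFC 6520 above, as an added example (not code from this post or from OpenSSL): a C responder that echoes the payload only after checking the sender's payload_length against the bytes actually received, which is the check RFC 6520 requires and the one a Heartbleed-vulnerable responder lacks. The function names, buffer sizes and the sample request are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3    /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16   /* RFC 6520: at least 16 bytes of padding */
#define HB_OVERHEAD    (HB_HEADER_LEN + HB_MIN_PADDING)

/* Writes a HeartbeatResponse for the received message rec[0..rec_len) to out.
 * Returns its length, or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (!rec || !out || rec_len < HB_OVERHEAD || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is the peer's claim; it must fit in what actually arrived. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_OVERHEAD)
        return 0;
    if (HB_OVERHEAD + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2 + claimed);          /* echo length and payload */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING); /* random in real use */
    return HB_OVERHEAD + claimed;
}

/* Constructed sample: a request with `actual` payload bytes claiming `claimed`. */
size_t hb_demo(uint16_t claimed, size_t actual)
{
    uint8_t rec[HB_OVERHEAD + 64] = {0};
    uint8_t out[sizeof rec];
    if (actual > 64)
        return 0;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memset(rec + HB_HEADER_LEN, 'A', actual);
    return hb_build_response(rec, HB_OVERHEAD + actual, out, sizeof out);
}

int main(void)
{
    printf("honest=%zu overclaim=%zu\n", hb_demo(5, 5), hb_demo(0x4000, 5));
    return 0;
}
```

A return value of 0 means the message is dropped without a reply, so a request whose claimed length exceeds what it carried gets nothing back.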

 

 
