@pakelihe this is not related to OpenSSL. The issue I was asking about is the ROS 2 reflection attack, which is feasible due to the way things are implemented in Connext. Alias Robotics posted about this recently, including a talk I gave at the Security WG explaining this in more detail and possible attacks leveraging it. 6.0.1 is vulnerable.
This issue was initially reported as CVE-2021-38487, and there’s plenty of information about it available publicly as of now. The only advisory available from RTI that I’m aware of is ICS-CERT Security Notice ICS-VU-575352 / VU#770071 | Data Distribution Service (DDS) Community RTI Connext Users, which doesn’t say much (not even crediting back the security researchers, which would be nice!).
Is a patch available for 6.0.1, and if so, will the version that will be provided to Open Robotics be patched?