MongoDB Response on Heartbleed OpenSSL Vulnerability | MongoDB Blog MongoDB products and services were affected by the Heartbleed bug, but only in specific scenarios. Non-Windows users are not directly impacted as MongoDB dynamically links to OpenSSL, making them secure without an update. However, underlying systems requiring an update should still be patched. Customers using AWS AMIs need to upgrade their operating system's OpenSSL libraries. In contrast, Windows customers with MongoDB Enterprise for Windows had a fixed version of OpenSSL prior to release 2.6.0, and are not required to take action unless using a release candidate version. MMS users are not affected by the vulnerability as it does not impact the load-balancer or Jetty webserver's SSL/TLS implementation.