I wouldn’t hold your breath, they haven’t addressed vulnerabilities that are far older, such as POODLE. I don’t think they are too concerned with that kind of thing as it is more of a Harry Homeowner kind of product.
but it is their job to keep “the cloud of my own” secure! when the firmware is maintained like this, every other cloud storage service is safer
they have to fix vulnerabilities as they appear, not in combination with bugfixes or new features.
and the communication guidelines havent changed since the heartbleed bug! It is not WDs fault, so they should be more transparent - the support is no real help, but they passed it on to the right department. As I said before, they should open a “security & best practices” page. and they should include the fixes in the readme.
did they fix the NTP bug? synology did that on 2014/24/17
updated openssl to 1.0.1k? synology: 2015/01/22
GHOST: synology 2015/02/04
POODLE: synology 2014/11/12
Heartbleed: synology: 2014/04/10Â WD: 2014/04/16 for the ex4, 2014/04/21 for the my cloud.
I took care of the SSLv3 vulnerability (I think that was Heart Bleed, not sure), by editing the server.xml file in the Apache folder. There are others that you probably can’t do anything about and will probably need a firmware upgrade.
I ended up disabling the web server and manage it via SSH if I have to. I don’t think the Ghost vulnerability is that big a deal from what I’ve read, seems like it’s more to do with smtp (email). I wouldn’t take my word for it though.  Regardless, I think you have to be more or less nuts to expose your NAS to the Internet.
Edit: Sorry, I mean edit ssl.conf, not server.xml.