Hi, As many of you may have be noticed by more conventional way, a serious issue in OpenSSL have been announced sunday that lead to information leak like SSL private certificate, any HTTP POST data but not only limited to this.
This weakness is present in OpenSSL since two years. More detailed information about CVE-2014-0160 are available at http://heartbleed.com All Enlightenment platforms have the fix applied since 04/07 at 12:00 UTC. Also Enlightenment SSL certificate and private key have been regenerated. You can verify by yourself using these test URL https://www.ssllabs.com/ssltest/analyze.html?d=enlightenment.org http://filippo.io/Heartbleed/#enlightenment.org We don't use SSL to protect any sensitive data in Enlightenment, but only as a channel to protect your authentication credentials on services provided by Enlightenment. Your passwords are considered as being stolen and no more private. A malicious user may have retrieve your credentials without needing your help. We highly recommend you to change their passwords as soon as possible. This means any account you have on Phabricator, Jenkins etc .. This issue is not dedicated to Enlightenment but is a general to all applications using OpenSSL over the world. We can only advise you to verify with previous links for other services provided with OpenSSL you use that they have correctly applied needed fix and to change your passwords once they have applied fix and change their certificates. -- Beber ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ enlightenment-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-users
