Apologies for the cross post, want to be sure the word gets out to my incubator 

If you aren't subscribed to commun...@apache, you should be. If you aren't 
subscribed, please note the following information and take action, if needed.


Begin forwarded message:

> From: Joe Schaefer <joe_schae...@yahoo.com>
> Date: April 10, 2010 1:24:14 PM EDT
> To: commun...@apache.org
> Subject: [NOTICE] compromised jira passwords
> Reply-To: commun...@apache.org
> Hello Apache community@ [1],
> As you are probably aware we have been working to restore services
> that have been compromised by a very targetted attack against Apache's
> jira installation.  The good news is that jira is back online, with
> bugzilla and confluence soon to follow [2].  The bad news is that the
> hacker was able to rejigger jira's code to sniff any cookies and
> passwords sent to the server between April 6 and April 9.  If you
> used jira at all this week, including via IDE's that interface via
> SOAP, it is IMPERATIVE that you take time to immediately reset your
> jira password, and possibly your ldap password if those match up.
> If you have admin privs in jira your password was reset by us, so
> you'll need to use the password reset form in jira to regain access.
> To have a reset password mailed to your contact information in jira,
> visit
> https://issues.apache.org/jira/secure/ForgotPassword!default.jspa
> When you do login to jira be sure to double-check your contact info.
> To change your ldap password login to people.apache.org and run
> /usr/sbin/passwd, or else visit https://svn.apache.org/change-password
> .
> Thanks for your patience and diligence in this matter.  A blog post
> will be forthcoming which will provide details of the attack and
> what we have done to mitigate future hack attempts.
> [1] feel free to forward this note to any other apache mailing list,
> public or private.
> [2] at this time we do not believe the hacker compromised the confluence
> and bugzilla installs, but we are awaiting confirmation from our admins
> before bringing those back online.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: community-unsubscr...@apache.org
> For additional commands, e-mail: community-h...@apache.org

Reply via email to