Assembla's reaction to the SSL security vulnerability "Heartbleed"
The Internet was surprised recently by a bug in the OpenSSL software, called "Heratbleed," that might allow an attacker to see your HTTPS traffic including your password on a Web login form. You can read about some of the technical details regarding "Heartbleed" here and the OpenSSL 1.0.1g fix here.
We updated the Assembla servers to remove the vulnerability within a few hours of being notified about a fix. Our acceleration provider, Edgecast, had not yet updated their servers with the fix. This extended the time that Assembla users were exposed to the vulnerability for a few more hours. We had turned off Edgecast, causing some pages to render more slowly, until Edgecast's servers were updated. Everything has since returned to normal.
- It is recommended that you reset your Assembla password. You can do so using the password reset form.
- If you use API keys or tokens, we recommend that you reset your API keys or tokens.
- If you use the FTP tool, we recommend that you reset your server login credentials and update these credentials in Assembla's FTP tool.
If you have any questions or concerns, please do not hesitate to contact us.