I'd recommend not logging into issues.apache.org until it is fixed. I believe Atlassian needs to do something with their shipped package before that can happen.
openssl s_client -connect issues.apache.org:443 -tlsextdebug | grep heart TLS server extension "heartbeat" (id=15), len=1 And further, Atlassian themselves aren't patched openssl s_client -connect support.atlassian.com:443 -tlsextdebug | grep heart TLS server extension "heartbeat" (id=15), len=1 For anyone who doesn't know, this is nightmare. People on tech sites are scraping logins from each other and posting comments as other users just to show they can, it's pretty powerful to be able to grab random memory from a process using OpenSSL. On Tue, Apr 8, 2014 at 10:07 AM, Nux! <n...@li.nux.ro> wrote: > On 08.04.2014 16:12, Paul Angus wrote: >> >> A vulnerability has been found in OpenSSL >> >> http://www.bit-tech.net/news/bits/2014/04/08/openssl-heartbleed/1 > > > If you want to test a site for it try http://filippo.io/Heartbleed/ (if it's > not loaded already) > > There are already updates available where required, don't forget to restart > the daemons that depend on SSL (lsof -n | grep ssl) after applying them. > > "OpenSSL opens your SSL" > > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro
