On Monday April 7th OpenSSL released an update to address CVE-2014-0160 (aka Heartbleed). This was a vulnerability in the popular cryptographic library that is used to secure many major websites. It affected nearly two thirds of web servers, including sites like Google, Twitter, and Yahoo. PushPress has implemented the update as of Monday and is no longer vulnerable to potential Heartbleed exploits. We’ve also reissued our SSL certificates, changed internal passwords, and changed private keys.There has been no evidence that there has been any type of attack or intrusionWe, along with the rest of the web development community, will continue to monitor the situation and make sure that all the necessary fixes have been enacted. If you have any questions about the OpenSSL situation and how it affects PushPress please contact us.
