This question is locked. New answers and comments are not allowed.
What is “Heartbleed”?
Many of you are already aware of the recently discovered security vulnerability in version 1.0.1 of the famous OpenSSL cryptographic library, filed under CVE-2014-0160. The OpenSSL library is widely used in secured network communication over the Internet. The vulnerability became widely known as the “Heartbleed” bug. In brief, the vulnerability could be exploited by an attacker to continuously collect saved private data in 64 kB chunks and eventually reconstruct it. Extensive information is available at the “official” disclosure page here.
What has Telerik done?
First, the privacy of Telerik customers is not in jeopardy from any type of malicious exploit of this vulnerability. Nevertheless, all Telerik Platform services were reviewed for “Heartbleed” susceptibility, with utmost attention to even an indirect impact. The performance and security of the Telerik network infrastructure were put under a large-scale scrutiny.
Current State
We can now confirm that developers and companies using Telerik Platform modules have no reason to worry about possible data breaches in the context of Telerik Platform. However, we strongly recommend you refer to the instructions issued on the ad-hoc security pages of the popular community hubs like GitHub, Bitbucket or any other services you might be using that are secured with SSL/TLS.
Many of you are already aware of the recently discovered security vulnerability in version 1.0.1 of the famous OpenSSL cryptographic library, filed under CVE-2014-0160. The OpenSSL library is widely used in secured network communication over the Internet. The vulnerability became widely known as the “Heartbleed” bug. In brief, the vulnerability could be exploited by an attacker to continuously collect saved private data in 64 kB chunks and eventually reconstruct it. Extensive information is available at the “official” disclosure page here.
What has Telerik done?
First, the privacy of Telerik customers is not in jeopardy from any type of malicious exploit of this vulnerability. Nevertheless, all Telerik Platform services were reviewed for “Heartbleed” susceptibility, with utmost attention to even an indirect impact. The performance and security of the Telerik network infrastructure were put under a large-scale scrutiny.
Current State
We can now confirm that developers and companies using Telerik Platform modules have no reason to worry about possible data breaches in the context of Telerik Platform. However, we strongly recommend you refer to the instructions issued on the ad-hoc security pages of the popular community hubs like GitHub, Bitbucket or any other services you might be using that are secured with SSL/TLS.