“Heartbleed” Does Not Affect Telerik Platform Users

Thread is closed for posting
1 posts, 0 answers
  1. Telerik Admin
    Telerik Admin avatar
    1679 posts
    Member since:
    Oct 2004

    Posted 10 Apr 2014 Link to this post

    What is “Heartbleed”?

    Many of you are already aware of the recently discovered security vulnerability in version 1.0.1 of the famous OpenSSL cryptographic library, filed under CVE-2014-0160. The OpenSSL library is widely used in secured network communication over the Internet. The vulnerability became widely known as the “Heartbleed” bug. In brief, the vulnerability could be exploited by an attacker to continuously collect saved private data in 64 kB chunks and eventually reconstruct it. Extensive information is available at the “official” disclosure page here.

    What has Telerik done?

    First, the privacy of Telerik customers is not in jeopardy from any type of malicious exploit of this vulnerability. Nevertheless, all Telerik Platform services were reviewed for “Heartbleed” susceptibility, with utmost attention to even an indirect impact.  The performance and security of the Telerik network infrastructure were put under a large-scale scrutiny.

    Current State

    We can now confirm that developers and companies using Telerik Platform modules have no reason to worry about possible data breaches in the context of Telerik Platform. However, we strongly recommend you refer to the instructions issued on the ad-hoc security pages of the popular community hubs like GitHub, Bitbucket or any other services you might be using that are secured with SSL/TLS.
Back to Top