[kde-community] Impact of Heartbleed issue on KDE.org infrastructure
bcooksley at kde.org
Tue Apr 15 08:29:09 UTC 2014
As i'm sure you're all aware at this point, a vulnerability of OpenSSL
could lead to sensitive information being leaked by web servers.
The Good News:
The vast majority of our services are running on the older Debian
Squeeze, which uses OpenSSL 0.9.8o and is unaffected by the issue.
The Bad News:
Certain services are run through a third party intermediary
(Incapsula) and some services are being hosted by Debian Wheezy
systems (which did use a vulnerable version of OpenSSL).
All such systems under the control of KDE Sysadmin have since been
patched and have had the necessary services restarted. For information
on the steps taken by Incapsula please see
As far as we are aware, all systems under kde.org have now had the
issue corrected (assuming they were affected by the issue in the first
reviewboard.kde.org (Both Git and Subversion)
At no point were Identity, Bugzilla or SCM services affected by this issue.
If anyone has any questions, please let us know.
More information about the kde-community