[Coin-announce] Update: COIN-OR and Heartbleed

Matthew Saltzman mjs at clemson.edu
Fri Apr 11 18:42:46 EDT 2014

As you are no doubt aware by now, a security-related bug--code-named
Heartbleed--was recently revealed in the OpenSSL encryption library,
which supports WWW encryption in most Linux distributions.  The COIN-OR
HTTPS servers, including projects.coin-or.org and svn.coin-or.org, were
determined to be exposed to the bug.

We have updated our OpenSSL libraries with patched versions, so we are
no longer exposed.  In addition, we have revoked our previous SSL
certificates and replaced them with brand new ones.  While there is no
significant personal or financial information stored on our servers, we
still recommend that you change passwords for any password-protected Web
services that you use.  If you changed your passwords on our server
before receiving this announcement, you should change them again.

If you run servers of your own, it is recommended that you immediately
apply your vendor's patches and that you then revoke and reissue your
SSL certificates and--once those steps are completed--have your users
change their passwords.

Thanks for your attention.
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu

More information about the Coin-announce mailing list