geronimo-user mailing list archives

From Kevan Miller <>
Subject Fwd: [NOTICE] compromised jira passwords
Date Mon, 12 Apr 2010 13:37:43 GMT
Please note the following and take action as appropriate.


Begin forwarded message:

> From: Joe Schaefer <>
> Date: April 10, 2010 1:24:14 PM EDT
> To:
> Subject: [NOTICE] compromised jira passwords
> Reply-To:
> Hello Apache community@ [1],
> As you are probably aware we have been working to restore services
> that have been compromised by a very targeted attack against Apache's
> jira installation.  The good news is that jira is back online, with
> bugzilla and confluence soon to follow [2].  The bad news is that the
> hacker was able to rejigger jira's code to sniff any cookies and
> passwords sent to the server between April 6 and April 9.  If you
> used jira at all this week, including via IDEs that interface via
> SOAP, it is IMPERATIVE that you take time to immediately reset your
> jira password, and possibly your ldap password if those match up.
> If you have admin privs in jira your password was reset by us, so
> you'll need to use the password reset form in jira to regain access.
> To have a reset password mailed to your contact information in jira,
> visit
> When you do log in to jira be sure to double-check your contact info.
> To change your ldap password log in to and run
> /usr/sbin/passwd, or else visit
> .
> Thanks for your patience and diligence in this matter.  A blog post
> will be forthcoming which will provide details of the attack and
> what we have done to mitigate future hack attempts.
> [1] feel free to forward this note to any other apache mailing list,
> public or private.
> [2] at this time we do not believe the hacker compromised the confluence
> and bugzilla installs, but we are awaiting confirmation from our admins
> before bringing those back online.