subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <>
Subject Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers
Date Fri, 11 Apr 2014 03:53:14 GMT
I was just realizing that no one has mentioned it here: For anyone
running HTTPS based Subversion servers, they should really take a good
look at whether their web server is vulnerable to the "HeartBleed"
security problem in OpenSSL. There are various good write-ups about
it, but even an internal website vulnerable to these hacks could
apparently have usernames and passwords stolen by a zombied or
rootkitted host inside your network. So strongly consider updating
*all* your websites to avoid the bug, and other bugs, and strongly
consider your password management and expiration procedures for
vulnerabilities that may have been exploited any time in the last two

View raw message