I’m sure by now that most of you have heard of the Heartbleed bug, and the enormous risk to Internet security that this bug represents.
Heartbleed Will Not Affect Percussion CMS Software
While there is nothing intrinsic in Percussion’s software that makes our products specifically impacted by this bug, the fact is that many of our customers deploy our products on Linux-based web servers, and therefore would be at risk for this issue.
Linux Servers Will Require Patch
As has been documented elsewhere, any website which uses the OpenSSL library must be patched or updated, and following this all user passwords should be changed, in order to insure the continued security of the site. As nearly all major distributions of Linux use OpenSSL, and as the fix for the issue only became available this week, all servers should be considered as at risk and should be checked and updated as necessary.
How Do You Know You're Vulnerable?
Various tools are available to test your websites, such as http://filippo.io/Heartbleed/, however under some circumstances these tools cannot provide a definitive answer, due to firewalls, load balancers, and certain kinds of proxies. All Linux sites should be manually checked and updated in order to be certain they have been corrected.
Make sure you commit the necessary time and resources to check for potential vulnerability and implement available fixes to ensure the continued health of your website.
