Important notice about the Heartbleed bug for stSoftware customers

Standard install stSoftware servers are NOT effected by Heartbleed bug

Overview

The Heartbleed Bug is a recently discovered vulnerability in the OpenSSL cryptographic software library used by many of the world’s web servers to secure information using TLS. If the web site is vulnerable then a hacker could expose 64k of the server's memory without any trace in the server's logs. The server's memory exposed could include the server's private encryption key or other information such as usernames and passwords. 

stSoftware servers are NOT vulnerable to this attack

stSoftware Linux-based servers DO NOT use this library. The standard stSoftware server install is pure server side Java, which is not effected.

Clients that self host on their own servers should check all up stream hardware including routers and firewalls to confirm these components are not susceptible.

Actions for self-hosted clients

  • You can check if any site is vulnerable here

  • If you find your site is vulnerable then the SSL certificate for that site must be revoked immediately