The Heartbleed Bug
On April 7 a security vulnerability in the OpenSSL library was discovered. Named the Heartbleed bug, it has the potential to leak up to 64k of memory on a vulnerable server. This could potentially leak the SSL private key, which would then allow an attacker to decrypt HTTPS traffic to the server.
OpenSSL is used by a majority of web servers worldwide, including RepositoryHosting.com. Fortunately, though, the version of OpenSSL that we are running was not affected by this vulnerability. Therefore, there is no need to rotate your credentials at this time (though rotating your passwords periodically is generally good practice anyway).
We have checked with all the third-party service providers that we use, and they have all patched their systems now. We are rotating all our credentials for their services.
If you have any questions about this, please don't hesitate to contact us at firstname.lastname@example.org.