On September 24, a serious vulnerability was found in bash, a shell which is ubiquitous on Linux systems. If exploited, this vulnerability could allow arbitrary code to be run on the system. There are a number of different scenarios under which this vulnerability could be exploited, and it affects virtually all versions of bash.

We would like to reassure our customers that that we have patched all of our servers, and have verified that we are currently not vulnerable to this security issue. We have found no evidence that this vulnerability was used against any of our servers. We will continue to follow the development of this issue closely. Please contact us if you have any questions.

UPDATE: The patch for CVE-2014-7169 has now been applied as well on all our servers.

On April 7 a security vulnerability in the OpenSSL library was discovered. Named the Heartbleed bug, it has the potential to leak up to 64k of memory on a vulnerable server. This could potentially leak the SSL private key, which would then allow an attacker to decrypt HTTPS traffic to the server.

OpenSSL is used by a majority of web servers worldwide, including RepositoryHosting.com. Fortunately, though, the version of OpenSSL that we are running was not affected by this vulnerability. Therefore, there is no need to rotate your credentials at this time (though rotating your passwords periodically is generally good practice anyway).

We have checked with all the third-party service providers that we use, and they have all patched their systems now. We are rotating all our credentials for their services.

If you have any questions about this, please don't hesitate to contact us at support@repositoryhosting.com.