AnsweredAssumed Answered

Heartbleed / CVE-2014-0160 in Sugar On-Demand instances

Question asked by Mark Willert on Apr 9, 2014
Latest reply on Apr 21, 2014 by Chris Raffle
Is there an official statement how the recent OpenSSL security issue (CVE-2014-0160) affects SugarCRMs own hosting environment (On-Demand, sugarCloud)? Press coverage ist pretty hefty in Germany, some even go as far as supposing not to trust any HTTPS servers that do not have the issue fixed (test under http://possible.lv/tools/hb/, sugaropencloud.eu seems fixed) and are using certificates that have been issued before April 8th, 2014.

Any offical response from Sugar Inc.?

(I have opened a case for this, but I think it might be of public interest here)

Greets,
Mark


Outcomes