Reading Time: 2 minutes
After the release of the #Heartbleed bug in Openssl we’ve taken several steps to make sure your data is secure.
After Heroku patched their Load Balancers we reissued and updated our certificate for codeship.io. You can check the new validity date in the certificate information of your browser.
We went through all of the services we use at Codeship, made sure that they already patched the #Heartbleed vulnerability and then changed our passwords at every one of these services.
In about an hour we will change the Github OAuth credentials and log everyone out of Codeship. In case you’ve connected your Codeship account with Github please make sure to reauthenticate by either logging back in through Github or visiting our OAuth authentications page to disconnect and reconnect your accounts so new tokens will be created: https://www.codeship.io/authentications
We will also update our OAuth credentials for BitBucket, Google and Cloudfoundry. Make sure to reauthenticate with these services as well so your login and deployment still works.
We have no reason to believe that the vulnerability was exploited and any data was lost, but as it is nearly impossible to be certain we advise you to change your password and especially any token or sensitive data stored in your Codeship configuration. Any api token or key that is stored in environment variables should be changed at the service and updated at Codeship.
Make sure you update your API Keys for deployments (Heroko, Nodejtsu, Modulus, AWS, …) or integrations like CodeClimate or Coveralls.
Please make sure that your own systems are patched and secured as well.