OpenSSL “Heartbleed” and Nirvana — We’re Good

You may have read in the news this week that a major bug, nick-named heartbleed, was reported in OpenSSL, the cryptographic library used by websites to encrypt and protect information transmitted over the internet.

Nirvana servers are not affected by this vulnerability. We run an earlier version of OpenSSL that is not vulnerable to the heartbleed bug. (version 1.0.0a to be precise)

That said, if you use the same email/password combination to login to Nirvana that you use on other affected sites, it might be wise to change your Nirvana password, as those sites may have been exploited to expose your passwords in transit. This will reset/rotate your authentication tokens throughout our systems, and you should be good to go.