Update 04-21-2014: LeanKit service provider, Akamai, mitigates vulnerabilities. Users advised to change LeanKit account password(s). Learn more
Initial checks with all of our vendors indicated that there were no LeanKit service provider vulnerabilities to Heartbleed. However, our content delivery network (CDN), Akamai, recently amended their previous statement to communicate to their customers that they are currently implementing fixes related to the Heartbleed issue. Akamai’s corrective actions, in part, include reissuing SSL certificates for all of their customers, including LeanKit.
We are actively monitoring updates from Akamai. When Akamai confirms that LeanKit’s SSL certificates have been rotated and that Akamai is no longer vulnerable, we will send out another update with next steps. In the meantime, there is no need for you to take action.
Additional information related to the evolution of Akamai’s response to the Heartbleed issue can be found here:
April 11: Heartbleed Update
April 13: Heartbleed Update (v3)
If you have any questions or concerns, please contact LeanKit Network Security at firstname.lastname@example.org.