LeanKit Services Not Affected by Heartbleed

Update 04-16-2014: LeanKit service provider, Akamai, addressing recently disclosed vulnerabilities. Learn more

Update 04-21-2014: LeanKit service provider, Akamai, mitigates vulnerability. Users advised to change LeanKit account password(s). Learn more

*********

You may have heard recent reports of a vulnerability, commonly known as “Heartbleed,” that affects the popular open-source library OpenSSL. We have confirmed that the LeanKit application and our internal supporting services are not affected by this vulnerability.

This bug, officially referenced as CVE-2014-0160, is not an issue with the design of SSL but is due to a programming flaw in the OpenSSL library implementation. Many organizations and services have been affected by Heartbleed and are working to implement fixes to mitigate this flaw.

Again, we have confirmed that the LeanKit application and internal supporting services are not affected by this vulnerability. The security of our customer’s information is absolutely critical. As always, we will continue to monitor our services for any issues related to this or other potential vulnerabilities.

If you have any questions or concerns, please contact LeanKit Network Security at netsec@leankit.com.

Leave a Reply