Yesterday, Google found an SSL vulnerability called POODLE. Because online community security is the highest priority for us, we immediately took all the necessary steps to make sure that our clients can keep using our community software safely.
What is POODLE?
To summarize, POODLE stands for “Padding Oracle on Downgraded Legacy Encryption” and is a bug. SSL is used as the general way of securing data transmitted between your computer and a server. Within it there are several communication channels that your computer and a remote server can use to communicate with each other. Thus, one of these channels became vulnerable by POODLE in encrypting data. This lowered the security level when a computer was communicating with a server. Technical details can be found here.
Already, we can ensure that we no longer use SSL3.0 as a communication channel. No product from CMNTY got affected. Additional, there was no downtime for any of the platforms.