Yesterday an SSL vulnerability called POODLE was found by Google. Because online community security is the highest priority for us, we immediately took all the necessary steps to make sure that our clients can keep using our community software safely.
What is POODLE?
POODLE stands for “Padding Oracle on Downgraded Legacy Encryption” and is a bug. SSL is used as the general way of securing data transmitted between your computer and a server. Within it there are several communication channels that your computer and a remote server can use to communicate with each other. POODLE made one of these channels vulnerable in encrypting data, which lowered the security level when a computer was communicating with a server.
Technical details can be found here.
We’ve already made sure that SSL3.0 isn’t used as a communication channel anymore. No CMNTY products were affected and there was no downtime for any of the platforms.