Responding to Heartbleed

Please change your OpenClinica passwords.

By now you’ve probably heard about the Heartbleed web security bug. At OpenClinica we take the security and integrity of our users’ data very seriously. We have been hard at work over the past 3 days responding to this vulnerability.

Our team worked into the wee hours the past two nights to respond to the problem, and I’m proud to say we have fully patched the vulnerability for all our OpenClinica Enterprise Optimized Hosting customers. If you run an OpenClinica Community instance, please check and patch your system as soon as possible. The vulnerability is at the certificate/server level, so there’s no new version of OpenClinica to install. The exact steps to update will depend on the environment you’re running on. We’ll provide some more information and references shortly. Here’s what you can do:

  • Check your site for vulnerability, using a checker such as https://lastpass.com/heartbleed/.
  • Update your server to current OS patch levels, including applying OpenSSL updates where applicable.
  • Generate a new key and SSL certificate for your domain, and deploy the new key and certificate to the server.
  • Check again via https://lastpass.com/heartbleed/ to confirm the vulnerability is patched.
  • Have all users update their passwords.
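
For the key and certificate step above, a reissued certificate only helps if it was requested with a freshly generated key. The script below is an added example, not OpenClinica code. It compares public-key fingerprints to confirm that the replacement certificate does not reuse the old key and that it matches the key being deployed. The function names and file arguments are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify that a replacement certificate was issued for a NEW key.
# All function names here are illustrative; only standard openssl commands are used.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
pem_pub_fp() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Fingerprint of the public key embedded in a PEM certificate.
cert_pubkey_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pem_pub_fp
}

# Fingerprint of the public half of a PEM private key.
key_pubkey_fp() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pem_pub_fp
}

# rekey_ok OLD_CERT NEW_CERT NEW_KEY
# 0 = new certificate uses a different key than the old one and matches NEW_KEY
# 1 = old key reused, or certificate/key mismatch; 2 = unreadable input
rekey_ok() {
    old_fp=$(cert_pubkey_fp "$1") && new_fp=$(cert_pubkey_fp "$2") \
        && key_fp=$(key_pubkey_fp "$3") \
        || { echo "ERROR: unreadable certificate or key" >&2; return 2; }
    [ "$old_fp" != "$new_fp" ] \
        || { echo "FAIL: new certificate reuses the old key" >&2; return 1; }
    [ "$new_fp" = "$key_fp" ] \
        || { echo "FAIL: certificate does not match the deployed key" >&2; return 1; }
    echo "OK: certificate uses a new key ($new_fp)"
}

# make_selfsigned KEY CERT: throwaway key and self-signed certificate,
# constructed sample data for trying the check offline.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -days 1 -subj "/CN=example.test" 2>/dev/null
}

# When run with three arguments, perform the check on real files.
if [ "$#" -eq 3 ]; then rekey_ok "$1" "$2" "$3"; fi
```

Run it as `script OLD_CERT NEW_CERT NEW_KEY` before deploying; a non-zero exit means the certificate should be requested again with a new key.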

 
