Heartbleed
Blog post from Semaphore
A critical security vulnerability known as Heartbleed was discovered in OpenSSL on April 7th, allowing unauthorized access to 64k chunks of memory without leaving traces in server logs. This prompted Semaphore to upgrade OpenSSL to a secure version and replace SSL certificates across their infrastructure to prevent future attacks. Although no harm was detected, Semaphore advised users to change their passwords and reset API tokens, providing a straightforward method to do so in their project settings. Additionally, they recommended enabling GitHub's two-factor authentication and resetting OAuth tokens, which was applied to all users. Users who deploy to Heroku were informed that, after changing their Heroku password, a new API token needs to be set in the server settings. Semaphore offered support through their app and email for any further concerns and invited users to discuss the issue on Discord.