On April 7, a serious weakness in the OpenSSL library known as the “Heartbleed” bug was identified. Your data security is top priority and we have promptly and thoroughly investigated any potential impacts. We’re pleased to say that at no time was ThoughtFarmer Cloud or the ThoughtFarmer website vulnerable to the Heartbleed bug.
- ThoughtFarmer Cloud does not use OpenSSL and as such is not vulnerable to this issue.
- The ThoughtFarmer website and Intranet Statistics use a version of OpenSSL that is not susceptible to this issue.
- On-premise ThoughtFarmer customers should not be affected by this issue unless you are using an SSL proxy that uses OpenSSL in front of the web server running ThoughtFarmer. If you are using a proxy, you can validate it online by using http://filippo.io/Heartbleed/ or by downloading the tool here https://github.com/FiloSottile/Heartbleed and running it locally.
- Our Helpdesk software is powered by Zendesk. Zendesk has updated their systems to mitigate this issue. Zendesk is recommending (as an added precaution) to change your passwords.
- We continue to test and verify our internal systems to ensure that no systems are vulnerable to this defect.
If you have any questions about this issue, please contact us at firstname.lastname@example.org.