Hacker News new | past | comments | ask | show | jobs | submit login
Heroku working to fix Heartbleed (heroku.com)
12 points by zizee on April 8, 2014 | hide | past | favorite | 4 comments



Heroku Product manager here, we're working as quickly as possible to assess and address all details around the issue. Three hours is our worst case to provide details as unfortunately is has been a slow evolving incident, though all hands are on deck and we're working to update status.heroku.com as broadly as possible as well as more direct channels.


What's exactly the problem? Could be fixed by either getting the latest package upgrades from you favorite distro or compile an old version yourself with a specific flag set as mentioned in the security report. Or are you behind some third-party SSL proxy that doesn't react that fast?


Most if, not all, competitors have already pushed their fix (eg http://blog.cloud66.com/security-vulnerability-cve-2014-0160...). Ouch, 3 hours to go for the next update, ie not a fix.


Title should be: Heroku still hasn't pushed a fix for HeartBleed




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: