On 7th April 2014 the OpenSSL project announced a security vulnerability in OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160). This is now commonly being referred to as The Heartbleed Bug and has been widely reported in the media.
What does this mean for Delib customers?
The majority of Delib customer sites are not using vulnerable versions of OpenSSL and are therefore not at risk. We're contacting the handful of affected customers directly.
As general rule, we'd always advise that each password is unique. If your password for Citizen Space, Dialogue App or Budget Simulator is a duplicate of a password for a site which has been affected (common ones include - but are not limited to - Yahoo, Dropbox and possibly Facebook - see here for more) then we'd strongly recommend changing your passwords as an absolute priority and asking your colleagues to do so as well.
We've written some guidelines on creating secure passwords in the past.
If you have any further concerns or queries please don't hesitate to contact us on firstname.lastname@example.org