Unless you missed the flurry of activity on the Internet this past week, you know about Heartbleed, the bug found on certain versions of OpenSSL, the open-source implementation of the standard security technology used by nearly everyone who wants an encrypted link between server and browser.
Word of the bug got out on April 8th, and CakeMail immediately applied necessary measures on the parts of our infrastructure that were backed by OpenSSL version (1.0.1-1.0.1e) affected by Heartbleed (CV-2014-1060).
For additional security, you might want to do the following as precautionary measures:
Change your password
Contact support team to:
Update and rekey your SSL certificate
Ask for a new API key for your CakeMail account, particularly if your website has been hit in the past.
If you have any questions or concerns, don’t hesitate to contact us - we’ll work together to keep all our users safe.
Official post of common vulnerabilities and exposures: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160