Since the announcement of the Heartbleed bug, our teams have been assessing the impact to our products and infrastructure and deploying fixes as needed.
We’ve confirmed that this is not an issue within our products but is an infrastructure issue. We have reissued the SSL certificates across all our hosted infrastructure.
This bug has been in there for a long time and in line with good practice, we recommend that all users change their passwords and regenerate any API and SSH keys as a precaution.
Atlassian (downloadable) server products use the host operating system SSL Library, so if you have enabled SSL on your own installations of JIRA, Confluence, or any other Atlassian product, we strongly recommend you check the OpenSSL version you have installed and install the necessary fixes.
Where to find more information