About Craig Davies

Head of Security

Archives for Craig Davies

SSL and POODLE

Another day, another SSL vulnerability. Following the announcement of the POODLE vulnerability, we have removed SSL V3 support from all of our Cloud platforms.  Our testing shows this should not affect any of our users, and we encourage everyone to use up to date browsers and clients. If you find a problem, please contact us at support.atlassian.com.

Continue reading »

Encryption and Atlassian

Our values push us to keep improving in providing great solutions and helping every team. We support the SSL practices defined by the EFF in their Encrypt the Web report and we’re excited to update you on our progress. All Atlassian Cloud platforms now have: Encryption of Data links between centres. HTTPS enforced HTTPS Strict Transport Security (HSTS) across all sites Forward Secrecy implemented. If your email server supports it, email is sent encrypted with our HipChat and Atlassian

Continue reading »

OpenSSL and Atlassian

Since the announcement of the Heartbleed bug, our teams have been assessing the impact to our products and infrastructure and deploying fixes as needed. We've confirmed that this is not an issue within our products but is an infrastructure issue. We have reissued the SSL certificates across all our hosted infrastructure. This bug has been in there for a long time and in line with good practice, we recommend that all users change their passwords and regenerate any API and SSH keys as a precaution. Atlassian

Continue reading »