Is YouTrack affected by Heartbleed ?

I installed youtrack on Windows with the default installer, then configured \conf\server.xml aqnd web.xml etc to enable SSL.

Does this make me vulnerable to the heartbleed bug?

I have no Apache/Tomcat/OpenSSL background, so apologies if you find yourself answering "Obviously..."  :-)


Comment actions Permalink
Hello Thomas,

Thanks for the question.
Actually, YouTrack uses plain Java SSL implementation, that is, we don't use OpenSSL.
The issue won't affect you, if you use YouTrack installation from the box. But please, mind that some web-servers use OpenSSL. If you install YouTrack + nginx (or any that uses OpenSSL), the issue may reproduce.
In your case, you install YouTrack, and AFAIU are not going to use any web-server above, then you don't need to do anything, the issue won't affect you.

Thank you.
Comment actions Permalink
Thanks, Andrey.

Please sign in to leave a comment.