Archive | Site Status RSS for this section

SourceForge response to Heartbleed

Hello,

A vulnerability is something susceptible to attack (regardless of whether attack actually occurs using that weakness), and a compromise is something that has been successfully attacked.

Sites and services across the internet have been impacted by a recent vulnerability in OpenSSL, CVE-2014-0160, known as “Heartbleed”. More information on this vulnerability may be found at http://heartbleed.com

Upon disclosure of this vulnerability, SourceForge’s operations team expeditiously reviewed all of our services and confirmed that the only vulnerable service was SourceForge’s Subversion over HTTPS on Allura (svn.code.sourceforge.net).

We are aware of no compromise of our systems. On Tuesday, vulnerable systems were updated to new versions of OpenSSL, and the related SSL certificates were revoked and re-issued with new private keys.

A mailing will be sent to those users who accessed the vulnerable service (svn.code.sourceforge.net) during the window of vulnerability. While we are aware of no compromise of data resulting from this vulnerability, to further reduce risk we are asking certain users to change their SourceForge password.

To change your SourceForge password:

  1. Go to https://sourceforge.net/account/
  2. Login with your username and current password
  3. Click the “Change Password” link on the resulting page
  4. Enter your current and new password in to the form and submit

Passwords may also be reset using the account recovery facility at https://sourceforge.net/account/registration/recover.php

If you do not already make use of a secure password manager, such as KeePass, Password Safe, Mac OS X Keyring, LastPass, etc. you may wish to begin using such a tool, which makes it easy to manage unique and long passwords for every site you access.

Questions and concerns may be directed to the SourceForge.net support team at sfnet_ops@slashdotmedia.com

Thank you,

SourceForge.net Support

Allura Platform Instability

Greetings,

We’re currently experiencing poor performance on the Allura platform which powers many of the tools on the SourceForge site. Our teams are working to get this fixed and back to normal as soon as they can. Until then, any pages served by the Allura platform are generally timing out and will fail to load. Some pages will occasionally load, but currently, they are mostly failing. Among others, the affected tools include Tickets, Forums, Wiki, Blog, and Code browsers.

Additionally, permission checks for writes to code repositories also interface with the Allura platform, so this may also cause code writes to intermittently fail with permission errors. Operations that don’t require a permission check (ie. read-only operations) are unaffected.

The File Release System is unaffected by this issue.

UPDATE: Project Icons and Screenshots are currently disabled as we continue to work on this issue.

UPDATE 2: Stability is greatly improved, however, our teams continue to work on this issue to make sure the root cause is addressed so it doesn’t recur. Project Icons and screenshots are also re-enabled.

UPDATE 3: We are now in a normal operating state, this incident is considered resolved.

Regards,
Chris Tsai, SourceForge.net Support

Authentication to code repositories down

UPDATE: This is now fixed

There are known issues with authentication to code repositories on SourceForge at this time. This is affecting all code repositories types, and all access protocols. Our team is investigating and working to fix this as soon as possible.

Other services such as site login, sftp, or the shell service are not affected.

Best Regards,
Chris Tsai, SourceForge.net Support

SourceForge Holiday Staffing

Greetings,

Many of our staff here at SourceForge will be taking time off for some well deserved rest and time with family for the Holidays. As a result, we will be at reduced staffing levels until after New Year’s. We will continue to monitor for urgent issues and will address them as appropriate. Non-priority issues may be held until after the Holidays.

Regards,
Chris Tsai, SourceForge.net Support

SourceForge site maintenance window on 2013-11-07

A maintenance window has been scheduled for 13:00-14:00 UTC 2013-11-07. A short period of SourceForge site downtime is expected during that time.

Regards,
Chris Tsai, SourceForge.net Support