Earlier this week a new website vulnerability was disclosed to the public which affected many sites across the Internet, including liferay.com. This vulnerability, dubbed Heartbleed, was discovered in OpenSSL, a widely-used software library that implements SSL.

Our web team immediately updated the software that runs liferay.com to fix the vulnerability, and is now in the process of revoking and re-issuing our SSL certificates to ensure that the site is secure. Once this is complete, all users will be strongly advised to change their passwords used to access liferay.com. Another post will be made here once this has been done.

Liferay Portal and other Liferay products do not include OpenSSL and therefore are not directly affected, but if you are using Liferay software on your site along with software such as Apache or nginx, you should verify whether your site is affected, and follow steps listed here to update your website software and SSL certificates.

For more information on this issue and other security issues, read Liferay's security statement.