Heartbleed – OpenSSL Security

A severe flaw in openSSL, how we fixed it for our servers, and why you should update your Phrase password right away . Immediately after a bug report was published, our team updated the software on all Phrase servers and upgraded the openSSL library to the secure, patched version.

By now, many of you have heard of the severe Heartbleed security flaw in the OpenSSL library that was revealed earlier this week.

We have no reason to believe that this vulnerability has in any way been used to attack Phrase directly, but since it is almost impossible to tell, we recommend you to change the password of your Phrase user profile and refresh your project auth token.

Updating your password

To request a new password you can either:

  • Use the Forgot Password page. After entering your email address you will receive instructions on how to create a new password. Your old password expires automatically or
  • Log into Phrase and update your password on your profile page

Refreshing your project auth token

Since your project auth token is a password itself, too, you should refresh this secret as well. To do so, please visit your project settings page and click “Renew Auth Token”. This will expire your old token immediately and assign a new secret to that project.

If you use the Phrase API or in-context editor in any way, please don’t forget to update the auth token where necessary:

  • .phrase file (for the phrase gem)
  • In-context editor configuration
  • Custom API client implementation

If you have further questions please contact us: support@phrase.com

Be sure to subscribe and receive all updates from the Phrase blog straight to your inbox. You’ll receive localization best practices, about cultural aspects of breaking into new markets, guides and tutorials for optimizing software translation and other industry insights and information. Don’t miss out!