We have now completed all changes necessary to secure Bitbucket from security vulnerabilities related to the Heartbleed bug. Changes made to Bitbucket include;
- Upgrading Bitbucket’s load balancers to use new OpenSSL libraries
- Reissued and updated our SSL certificates
- Resetting long term authentication cookies
As a result of us removing the sessions related to authentication cookies, all users have been forced to re-authenticate when using bitbucket.org from a browser. We are also recommending, but not enforcing, that all users change their passwords.