Dear Customers,

Today, we were made aware that a severe security leak impacts one of the most used software in the world, OpenSSL. This is a very trusted library involved in encryption for HTTPS. The security breach doesn’t impact SSH. Apache and ngix rely on this implementation, therefore more than 60% of the world’s servers may be impacted. You can find more information about the security leak, named Heartbleed, on the website heartbleed.com.

We assume you need the best security for your data. We have decided to go ahead and upgrade our servers with the security patch immediately. We are sorry for any inconvenience and we hope you value security over a short disruption of service.

Following this upgrade, we are back to normal service on all our servers:

• CYO Create-Your-Own for Confluence OnDemand: We have changed the domain name to https://create-your-own.play-sql.com and issued a new certificate. We will not revoke the certificate for the old domain as we won’t serve content from it anymore. All users have been logged out from the old domain, we are expect Atlassian will soon approve the new add-on version and deploy it on all servers.
• SQL Connector for Confluence OnDemand: HTTPS is provided by Heroku and they are not vulnerable anymore,
• Documentation: Upgraded this morning. We will not revoke the current HTTPS certificate because customers use HTTP to connect and no customer information is kept on that server.
• Sandbox: No upgrade needed as it does not use HTTPS.

Again we are sorry for the service unavailability. We believe we have made the best to ensure the security of your information.

Best regards,

Adrien Ragot, founder of Play SQL