A major security flaw has been found in OpenSSL, which is installed on every server we run and on around two-thirds of all servers in the world. This vulnerability is known as the Heartbleed bug.
The vulnerability was found and disclosed on Tuesday, and we immediately went looking for the fix. The bug only affected certain versions of OpenSSL, which meant about half our servers were never vulnerable. CentOS 6, which is used on the other half of our servers, included one of the vulnerable versions by default. CentOS released a patched version of what’s in use on those servers, and cPanel rolled it into their upcp software.
We spent Tuesday checking versions and patching all shared servers, and any managed Cloud, VPS, or dedicated server. At this point, if you’re on a shared service, or have server management, your server has been patched.