Company News

Protecting Against POODLE

Jama Software takes the security of its customers seriously. As a result, Jama has taken steps to protect against a new SSL vulnerability code-named POODLE (Padding Oracle On Downgraded Legacy Encryption). Support for SSL V3 has been disabled on all servers. Testing shows that this should not affect existing customers, since all browsers supported by our application can use the newer TLS encryption standards.

What makes this vulnerability unique is that it allows attackers to force connections with secure websites to use a vulnerable version of SSL, which could allow attackers to see encrypted data. This vulnerability only affects SSL V3, which is an older encryption standard that has been around since 1996 and was superseded by TLS 1.0 in 1999. Most servers and applications still support SSL V3 for backward compatibility with older applications.

Jama’s systems will continue to support the newer TLS versions 1.0, 1.1, and 1.2. While we do not believe any customers will be affected by this change, we recommend that API customers verify that they are using a version of JRE, 1.4 or higher, that supports TLS. Customers using our SOAP API should also verify that their libraries have TLS support. Finally, anyone using IE 6 or older should upgrade to a newer browser.

For help with any related questions, please contact our support team.