Jumio wishes to inform you regarding the recent “Heartbleed” vulnerability in OpenSSL software.
- Immediately upon becoming aware, Jumio fixed the vulnerability in our systems. A hotfix was deployed early Wednesday 9 April UTC.
- We are currently making preparations to revoke and renew all certificates to complete the fix.
- New Netswipe and Netverify Mobile SDK versions will allow us to change mobile certificates as well.
In terms of next steps, please be aware of the following:
- Please be advised of the renewal of all Netswipe Web certificates on Thursday 17 April, which is particularly important if you employ Certificate Pinning.
- Please watch for an SDK release email on Friday 18 April and schedule your integration of the new release accordingly.
- Due to security reasons, we must renew all certificates no later than Monday May 12, at which time all previous SDKs will cease to function.
- Additionally, SDK versions are planned with new, flexible Certificate Pinning.
We will keep you apprised of new releases and new security alerts as soon as they are applicable. We always endeavor to keep your information safe and secure.
In the meantime, should you have any questions or concerns, please contact Jumio Customer Service at https://support.jumio.com or firstname.lastname@example.org. We will be able to assist you regarding this matter or others.