Plone Website Accounts Safe from Heartbleed
The Heartbleed Bug—a vulnerability in the encryption software used by a large number of web sites, web-based services and APIs, automated systems, web appliances, routers, and even desktop and notebook operating systems—has concerned end users, system administrators, and much of the general public.
The Plone Administrative Infrastructure team has reviewed the encryption APIs used by the plone.org website and, have determined we are not vulnerable to Heartbleed. We strenuously believe that no secret keys, personal information, or personal passwords have been illicitly removed from plone.org.
There is no need to change your plone.org account's password at this time.
However, changing your password frequently may help prevent future unauthorized use. So you may want to change your password anyway. To do so, visit the password change form.