Friday, October 26, 2012

What happened to the bug trackers and plugin downloads?

Wednesday was the day we scheduled the October release but we did not release a new version. Why?

On Wednesday morning, our administrator noticed an unusual activity on our development server that hosts the revision control system, bug trackers, file releases, etc. He immediately shut the server down and began to investigate what happened. Unfortunately, someone found an exploitable bug in the FusionForge project management system we are using for developing BibSonomy (and also for many other student projects) and managed to break into the system.

Besides further investigating the damage, we are currently setting up a new server that then hosts all the tools we need for development. However, since the bug in FusionForge has not been fixed, yet, we are not able to make the service available outside our network. Hence, until the bug is fixed or we find another solution, the bug trackers will not be available. For the file releases (e.g., JabRef plugin, TeXlipse plugin, etc.) we will find an intermediate solution that hopefully will be set up during the next week.

We will continue with the release next week and be particularly careful when merging changes in the source code. BibSonomy is not affected by the incident, since it is running on another server in another network. Additionally, your data is secured by geographically distributed live backups.

However, if you had previously created an account on our development server (https://gforge.cs.uni-kassel.de/) and have used the password from there on other services, we highly suggest that you change it immediately on the other services, since we can not exclude the possibility that the attacker had access to the password hashes on our development server.

Sorry for the trouble and back to normal: happy tagging!