and affected by "Cloudbleed" Cloudflare HTTPS traffic leak

Hey there,

apparently and are affected by the Cloudflare HTTPS traffic leak. It might be a good idea to change your passwords here.


Best wishes

Not all domains listed there are definitely affected. It might be good to know, if syncthing only uses Cloudflare DNS, or also Cloudflare SSL Proxy.

Even Cloudflare can’t tell how was affected. Their Head of Crypto explained, that the bug was triggered by only some of the Cloudflare customers, but the “memory dump” could contain data from any user from any Cloudflare customer.

There’s no private information that’s ever transmitted to, is there? Even if everything was leaked, there’s nothing there which is sensitive? No user sessions, auth, user accounts, etc (donations are made directly to vendors, I believe).

The forums are a different matter, but then the forums aren’t served from Cloudflare?

Nothing on has been proxied by cloudflare for a good, long while.