@@ -5,28 +5,26 @@ created_at: 2014-04-08
55author_name :pengwynn
66---
77
8- We've added a[ new API method] [ api ] for integrators to reset API authorizations
9- for their OAuth applications. Calling this method will invalidate the old token
10- and return a new token for applications to store and use in its place.
8+ As[ announced earlier today] [ heartbleed-blog-post ] , we are actively responding
9+ to the recently-released[ Heartbleed security
10+ vulnerability] [ heartbleed-blog-post ] in OpenSSL. While at this time GitHub has
11+ no indication that the attack has been used beyond testing the vulnerability, we
12+ recommend that integrators[ reset the API authorizations] [ api ] for their OAuth
13+ applications.
1114
12- This new method provides a safe way to reset user authorization without
13- requiring users to re-authorize the application on the web.
15+ We've added a[ new API method] [ api ] for this exact purpose. Calling this method
16+ will invalidate the old token and return a new token for applications to store
17+ and use in its place. This new method provides a safe way to reset user
18+ authorizations without requiring users to re-authorize the application on the
19+ web.
1420
1521Integrators can also use the existing revocation methods to[ revoke all
1622tokens] [ ] or[ revoke a single token] [ ] for their applications.
1723
18- ##Heads up: we're breaking the API for your protection.
19-
20- Due to the recent[ Heartbleed security vulnerability] [ heartbleed-blog-post ] that
21- affected most of the web, we've decided to revoke all GitHub OAuth tokens
22- created before our systems were patched.** Starting April XXth, 2014, we'll
23- begin revoking all OAuth tokens created prior to April XVth, 2014.** To
24- minimize impact to your users and your applications, we strongly encourage you
25- to begin[ resetting your tokens] [ api ] now.
26-
2724If you have any questions or feedback, please[ get in touch] [ contact ] .
2825
2926[ contact ] :https://github.com/contact?form[subject]=API+resetting+tokens
3027[ api ] :/v3/oauth_authorizations/#reset-an-authorization
3128[ revoke all tokens ] :/v3/oauth_authorizations/#revoke-all-authorizations-for-an-application
3229[ revoke a single token ] :/v3/oauth_authorizations/#revoke-an-authorization-for-an-application
30+ [ heartbleed-blog-post ] :https://github.com/blog/1818-security-heartbleed-vulnerability
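
Review bot: The new opening paragraph recommends that integrators "reset the API authorizations" but no longer says which tokens are in scope, whereas the removed section limited the action to tokens "created before our systems were patched". Consider stating that scope in the first paragraph, and saying whether a forced revocation is still planned, since the "Starting April XXth, 2014" notice is dropped without a replacement and integrators who saw it need to know if a deadline still applies. Minor style point: the first sentence links both "announced earlier today" and "Heartbleed security vulnerability" to the same heartbleed-blog-post reference, so one of the two links can go.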