In light of the recent CVE-2014-0160 vulnerability, aka “Heartbleed”, we wanted to update our users on our security status.
We were not directly affected by the Heartbleed vulnerability. No production imgix servers were running Heartbleed-vulnerable code.
Several third-party services that we rely on were affected. However, we have no indication that any sensitive information could have been obtained through these services. We apply many security best practices to ensure that highly sensitive information (e.g. passwords, AWS keys) is encrypted internally as early as possible and before transmission to a third party for use or storage.
While we have no reason to believe that we have been compromised, now would be a good time to take some added precautions just in case:
- Generate a new API key. You can change API keys by logging into https://dashboard.imgix.com, navigating to Account, and clicking the Reset button next to API key under “User Details”. Each user has their own API key, so encourage other users of your account to do the same.
- Change your password. Our passwords are stored using an adaptive hashing function that makes them very computationally expensive to brute-force should they ever be compromised. However, like changing the batteries in your smoke alarm, it is a good practice to regularly change your password. We recommend using the strongest unique password you can.
- Update your Amazon credentials. If you are using Amazon S3 sources, we recommend rotating the S3 access credentials you have provided to us and double-checking that they are read-only. S3 credentials are strongly encrypted before being stored within our databases, but you should still use separate, read-only credentials for connecting to images via imgix.
If you have any questions, please contact email@example.com.
Masking gives you the ability to have seamless edges and creative layering by defining the visible and non-visible areas of images. Read our tutorial on dynamic masking to learn how to mask your images on demand.
Here at imgix, we are dedicated to building tools that matter for our customers. We are rolling out a new web admin tool making the process of managing imgix accounts more efficient and transparent.
An integrated dashboard presents a breakdown of usage and billing for the current month, along with data visualizations on renders and CDN bandwidth.
An updated tool for image sources offers domain management, easy secure URL signing, and undo and rollback options. Now you can configure your sources, see how your changes differ from what is live, and deploy or roll back the configuration running in production. Additional features will be available in the coming weeks.
Note: In the future, source deployments will be automatic. For the moment, any changes you deploy will be queued up and deployed shortly thereafter by one of our engineers. Given the magnitude of recent changes, we are monitoring new source deployments individually to guarantee there are no problems. Additional questions can be directed to firstname.lastname@example.org.
Current customers can access the dashboard by logging in at https://dashboard.imgix.com.
With imgix, you can serve up a single large Retina-compatible image and deploy it to other appropriate sizes and DPRs as needed. If you need to update your entire image library for a site refresh, imgix can manage it with just a few text changes instead of undertaking a massive sitewide image re-export.
Find out how to design your images to be Retina-ready in our Designing for Retina tutorial.
Imagine being able to deploy a logo in a variety of different sizes, colorings, and adjustments from a single file. imgix provides the unique ability to do live real-time manipulation and conversion of vector objects within a PDF file and render them as raster assets for web use. Find out how in our tutorial on Managing Brand Assets from PDFs.
Vector assets are a great way to manage graphics that are simple and shape based, like icons and logos. With a few simple setup steps, you can greatly streamline creating these graphics on a grid and ensure that they scale cleanly at any device resolution. Find out how from our Best Practices for Vector Assets tutorial.