@prayas1337 reported that an automated scanner was identifying GitHub.com vulnerable to the OpenSSL CCS bug. This was a surprise, as we had patched our copy of OpenSSL soon after the OpenSSL CCS vulnerability was made public. However, a bug in our automated deployment caused some hosts/applications to fail to update to the latest release.

We addressed the vulnerability by fixing the bug in our automated deployment and performed an audit to ensure all hosts/applications were updated to the latest version of OpenSSL.