Dear Patrick.
Are Workstation Servers without installed OpenSSL secure? I am working with 8 Release. So what we must do (Change) to forward continuing secure working? I read this on Tor Blog about Hidden Services
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service, but an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.
Means this all Servers compromised or only with OpenSSL, so the Question, should i do a new Hidden Address?
Best Regards
grunge