All federal departments using software vulnerable to the so-called Heartbleed bug had been shut down this week
The directive issued late Thursday ordered the immediate disabling of public websites, calling it a precautionary measure until the "appropriate security patches are in place and tested."
However, the CRA says it is making "good progress" in getting things back online.
"The Minister of National Revenue has confirmed that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of this service interruption," the CRA said in a statement Saturday.
The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the internet to provide security and privacy.
The bug is affecting many global IT systems in both private and public sector organizations and has the potential to expose private data.
It's not clear the extent to which other federal government systems were affected. Employment and Social Development Canada, which handles things like Employment Insurance and Canada Pension Plan, Social Insurance Numbers and passports, had issued a statement Wednesday saying its web applications do not use OpenSSL and are therefore not affected.
"We have also worked with Shared Services Canada to confirm that none of our other connectivity solutions were affected," the department said in a statement emailed to CBC News.
CRA services affected included tax-filing systems E-file and Netfile, as well as access to business and personal account data stored by the system and new applications for a record of employment. Taxpayers were assured they would not be penalized if they were prevented from filing a return on time because of the shutdown.
In the meantime, Canadians using commercial tax software may need to change their passwords, as some programs such as Turbo Tax were affected by the bug.
The Canadian Bankers Association had said online banking applications of Canadian banks were not affected by the bug.