Last week, a security vulnerability (CVE-2018-17182) in the Linux kernel was reported, and shortly thereafter a POC was posted that can achieve root privilege escalation:
https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
While our host configuration on Enclave prevents POCs like this one from being used successfully, we are nonetheless taking the precaution of upgrading the Linux kernel on all app, database, bastion and build instances in shared-tenancy stacks, to include the latest patches against this vulnerability.
The kernel upgrade process will involve restarting all databases in shared-tenancy stacks (this will result in ~1 minute downtime per database), then restarting all apps in shared-tenancy stacks (app restarts on Enclave are zero-downtime operations, so these restarts should be non-disruptive).
Apps and databases in dedicated stacks will NOT be affected by this maintenance.