Kernel Upgrades for Shared-Tenancy Stacks
Scheduled Maintenance Report for Aptible
Completed
The scheduled maintenance has been completed.
Posted 10 months ago. Oct 03, 2018 - 00:00 EDT
Update
The scheduled maintenance is complete. A subset of shared apps and databases in us-east-1 must still be restarted; this will be done in a separate scheduled maintenance tomorrow. Check back here (status.aptible.com) for scheduling information.
Posted 10 months ago. Oct 03, 2018 - 00:00 EDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted 10 months ago. Oct 02, 2018 - 21:01 EDT
Scheduled
Last week, a security vulnerability (CVE-2018-17182) in the Linux kernel was reported, and shortly thereafter a POC was posted that can achieve root privilege escalation: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

While our host configuration on Enclave prevents POCs like this one from being used successfully, we are nonetheless taking the precaution of upgrading the Linux kernel on all app, database, bastion and build instances in shared-tenancy stacks, to include the latest patches against this vulnerability.

The kernel upgrade process will involve restarting all databases in shared-tenancy stacks (this will result in ~1 minute downtime per database), then restarting all apps in shared-tenancy stacks (app restarts on Enclave are zero-downtime operations, so these restarts should be non-disruptive).

Apps and databases in dedicated stacks will NOT be affected by this maintenance.
Posted 10 months ago. Oct 02, 2018 - 20:51 EDT