Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2016 environment.
Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2016 stack. You can access it by using the Stack select field in the Environment UI: stable-v5-3.0.63
It's best practice to upgrade your Engine Yard Gentoo 2016 (stable-v5) stack regularly for the latest security and product updates. This update:
- Fixes typo in installation example of yarn README (PR - https://github.com/engineyard/ey-cookbooks-stable-v5/pull/421)
- Updates the functionality of the custom_ca_certs recipe to support the filtering of sensitive environment variables from the env.cloud file and therefore the application, for security. Existing users of the recipe will need to update their environment variable names to the new compatible format if update the recipe. (PR - https://github.com/engineyard/ey-cookbooks-stable-v5/pull/420)
-
Updates the functionality of the custom_haproxy_ssls recipe to support the filtering of sensitive environment variables from the
env.cloud
file and therefore the application, for security. Existing users of the recipe will need to update their environment variable names to the new compatible format if update the recipe. Environments running stack version stable-v5-3.0.62 and above no longer need to overlay the haproxy cookbook files. (PR - https://github.com/engineyard/ey-cookbooks-stable-v5/pull/419) -
Applies
Security Updates
to Memcached. Fixes the vulnerabilityCVE-2019-11596
,CVE-2016-8704
,CVE-2016-8705
andCVE-2016-8706
(PR - https://github.com/engineyard/ey-cookbooks-stable-v5/pull/418) - Applies
Security Updates
to Redis. Fixes the vulnerabilityCVE-2019-10192
(PR - https://github.com/engineyard/ey-cookbooks-stable-v5/pull/417)
For more information on Engine Yard Gentoo 2016, see the Engine Yard Gentoo 2016 docs.
Comments
Article is closed for comments.