The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).
Hotfix: Rails and JSON vulnerabilities
February 12th, 2013
Action: You should upgrade your cookbooks, Rails, and JSON for increased security.
We updated Ruby 1.9.3 to p385 to address the issues described in the Rails and JSON vulnerabilities security update.
Today's stack upgrade removes the vulnerable version shipped with Ruby 1.9.3. You still need to update your Gemfile or installed gems if you have a vulnerable version as a gem; see the security update for specific details.
We understand that you may not be able to upgrade your cookbooks (or choose not to do so) at this time. Or, you may not be using Bundler. In these cases, implement one of the workarounds described in the security update, workaround section.
Note: Ruby 1.9.3 has been updated with this hotfix; we will update others (Ruby 1.9.2, Rubinius, JRuby) as soon as possible.
Minor: Engine Yard Cloud stack upgrade
February 12th, 2013
Action: You automatically apply these changes the next time you click the Upgrade button for your environment.
Action: If you are running PostgreSQL, you should upgrade to the new version for better security.
- Adds swap partitions to AWS instances that do not automatically come with one.
- Adds Riak Search functionality.
-
Upgrades PostgreSQL versions to 9.2.3 and 9.1.8. These updates fix a denial-of-service (DOS) vulnerability.
Note: You should update your PostgreSQL installations as soon as possible. For more information, see PostgreSQL 9.2.3, 9.1.8 released.
- Bumps Ruby 1.9.3 to p385. See today's hotfix for more information.
Hotfix: Corrects Chef run failures after stack upgrade
February 7th, 2013
Action: You automatically apply these changes the next time you click the Upgrade button for your environment.
This hotfix is to correct sites affected by today's known issue with Chef runs. We corrected the issue with today's stack upgrade:
- Recipe takes stronger measures to ensure collector has been stopped before installing the upgrade.
Minor: Engine Yard Cloud stack upgrade
February 6th, 2013
Action: You automatically apply these changes the next time you click the Upgrade button for your environment.
- Fixes issues with Chef 10 stack (Limited Access release) that caused Unicorn and PHP installation issues.
- Fixes GitHub unavailability issue that blocked Node.js configuration dependencies install.
- Fixes replica (slave) backup issues for PostgreSQL; as of this stack update, only one replica (slave) will be backed up.
- Sets the application name to instance ID for synchronous replication in PostgreSQL 9.1.x and later versions.
- Resolves AppFirst collector issue (related to HAProxy).
- Fixes issue where HAProxy hangs after upgrade (affected <1% users).
If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.
Comments
Article is closed for comments.