Engine Yard Release Notes - April 2015

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Engine Yard Stack Release Notes for April 21st, 2015

Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Fixed collectd monitoring of MySQL 5.5.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.


Security Hotfix: Engine Yard Dashboard - Snapshot Exposure Vulnerability

Action: No action on your part is needed; this fix was put in place on April 17th.

We have patched a non-sensitive information disclosure in our Snapshot management system and have verified no unauthorized alterations occurred using it.  We have also finished an extensive audit of related architecture to ensure this risk is fully eliminated.

 

Engine Yard Stack Release Notes for April 9th, 2015

Minor: Engine Yard Gentoo 2009 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2009 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Adds additional disk space to /tmp/eph1 from Ephemeral disk space on instances that provide a 30GB or larger ephemeral storage device (all instances except m3.medium and c3.large).
  • Patches sudo against vulnerability identified in CVE-2014-9680.  If you have any long-running sudo sessions (i.e.: sudo su -), you will need to stop them and restart to pick up the change.

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.


Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Adds additional disk space to /tmp/eph1 from Ephemeral disk space on instances that provide a 30GB or larger ephemeral storage device (all instance types except m3.medium, c3.large and the t2 types)
  • Patches sudo against vulnerability identified in CVE-2014-9680If you have any long-running sudo sessions (i.e.: sudo su -), you will need to stop them and restart to pick up the change.
  • Add Early Access support for PostgreSQL 9.4 Database Stack. 
  • Updates Ruby 2.2 (Early Access) to use 2.2.1 patch release.
  • Updates PHP version to 5.4.39 to address CVE-2015-0273, CVE-2014-9427, CVE-2015-0232, CVE-2015-1351 and CVE-2015-1352
  • Rebuilt Nginx 1.6.2 to use latest openssl (1.0.1m)
  • Maintenance upgrades to slightly improve boot times

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Engine Yard Stack Release Notes for April 1st, 2015

Minor: Engine Yard Gentoo 2009 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2009 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Add PostgreSQL minor version upgrade support for 9.0.19, 9.1.15, 9.2.10, and 9.3.6.
    • Environments that have the "Prevent minor database version changes" checkbox checked will not automatically get this upgrade. We strongly recommend that clients running environments with PostgreSQL 9.0, 9.1, 9.2 or 9.3 process these minor version upgrades per instructions here: https://support.cloud.engineyard.com/entries/25699277-Database-Version-Upgrade-Policies
    • WARNING: This is a high risk upgrade for clients running PostgreSQL who have customized any of the the server's configuration via custom Chef. Such clients should consult with Engine Yard Support before processing this upgrade. Failure to do so could result in downtime from a crashed database server.
  • Fix incorrect value for swap warning and failure alerts.

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.


Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Add PostgreSQL minor version upgrade support for 9.2.10, and 9.3.6.
    • Environments that have the "Prevent minor database version changes" checkbox checked will not automatically get this upgrade. We strongly recommend that clients running environments with PostgreSQL 9.2 or 9.3 process these minor version upgrades per instructions here: https://support.cloud.engineyard.com/entries/25699277-Database-Version-Upgrade-Policies
    • WARNING: This is a high risk upgrade for clients running PostgreSQL who have customized any of the the server's configuration via custom Chef. Such clients should consult with Engine Yard Support before processing this upgrade. Failure to do so could result in downtime from a crashed database server.
  • Fix incorrect value for swap warning and failure alerts.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.


If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.

Comments

Article is closed for comments.