Please see http://status.cloudbees.com for status indicators and high level system status information.
For support, please visit support.cloudbees.com or email support@cloudbees.com

Monday 29 September 2014

Status of CVE-2014-6271 and AWS reboots


We have received several inquiries via our support channels about how CloudBees systems have been affected by CVE-2014-6271 (aka "shellshock") and the ongoing alert we have posted about AWS reboots.  

CVE-2014-6271 status
CloudBees systems including Forge (Git/SVN), RUN@cloud (Apps/Databases) and DEV@cloud Jenkins Masters have been patched against CVE-2014-6271. DEV@Cloud Slaves are already hardened to allow arbitrary process execution via build scripts in isolated containers, but are being patched as an additional precaution.

Side note: the Forge outage on Sept 24 was a result of maintenance required to perform these security upgrades.

AWS reboot status
There is an active alert on status.cloudbees.com warning about a massive set of reboots that Amazon is performing on it's AWS systems (AWS is the primary provider of CloudBees computing resources).  These reboots are not related to the shellshock alert, but may result in some small windows of service disruption.  Where possible, we are rebooting servers ourselves ahead of the scheduled reboots to minimize disruption.

Wednesday 24 September 2014

Forge Service restored

In the process of applying a critical security patch, Forge SVN,  WebDav and Maven repositories were made inaccessible starting roughly 19:00 GMT. Service was mostly restored by 19:15, with all services being available by 19:50.