We have received several inquiries via our support channels about how CloudBees systems have been affected by CVE-2014-6271 (aka "shellshock") and the ongoing alert we have posted about AWS reboots.
CVE-2014-6271 status
CloudBees systems including Forge (Git/SVN), RUN@cloud (Apps/Databases) and DEV@cloud Jenkins Masters have been patched against CVE-2014-6271. DEV@Cloud Slaves are already hardened to allow arbitrary process execution via build scripts in isolated containers, but are being patched as an additional precaution.
Side note: the Forge outage on Sept 24 was a result of maintenance required to perform these security upgrades.
AWS reboot status
There is an active alert on status.cloudbees.com warning about a massive set of reboots that Amazon is performing on it's AWS systems (AWS is the primary provider of CloudBees computing resources). These reboots are not related to the shellshock alert, but may result in some small windows of service disruption. Where possible, we are rebooting servers ourselves ahead of the scheduled reboots to minimize disruption.