...
| Info |
|---|
MAINTENANCE NOTIFICATION22-12-21; OpenStack upgrades finished, Log4J vulnerability patched We have completed our OpenStack upgrades. We are now running on the latest version of OpenStack and can confirm that our systems are running smoothly. Log4J update
In the past weeks a new priority has been added to our attention list; the Log4J vulnerabilities. You might have been reading about this vulnerability in the press or on security blogs like the one from Google; Understanding the Impact of Apache Log4j Vulnerability Onetrail uses this software in various places and has extensively reviewed and researched this issue.
As a solution we updated all the relevant projects to the latest Log4J version 2.17. In addition, we have implemented a proxy rule to scan and if required block incoming traffic from the Internet.
|
| Info |
|---|
MAINTENANCE NOTIFICATION
To keep up with the highest security standards Onetrail has changed the number of SFTP cipher suites on our Production TPN- platform.
On the environments we will no longer support these two SFTP cipher suites:
* arcfour128
* arcfour256
To keep your systems running smoothly make sure you use one of the following supported SFTP cipher suites that remain applicable and secured: * aes256-ctr
* aes192-ctr
* aes128-ctr
* aes256-cbc
* aes192-cbc
* aes128-cbc
* blowfish-ctr
* blowfish-cbc
No special maintenance work is planned. Regular updates are performed during our weekly maintenance window every Monday from 19.00 till 21.00 hour CET.
