• Created by user-97a1e, last modified by Unknown User (marieloolthuis) on Dec 22, 2021

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 49 Next »

INCIDENT NOTIFICATION

No incidents at this moment.

MAINTENANCE NOTIFICATION

OpenStack upgrades finished, Log4J vulnerability patched;

We have completed our OpenStack upgrades. We are now running on the latest version of OpenStack and can confirm that our systems are running smoothly.


Log4J update
In the past weeks a new priority has been added to our attention list; the Log4J vulnerabilities.

You might have been reading about this vulnerability in the press or on security blogs like the one from Google; Understanding the Impact of Apache Log4j Vulnerability  


Onetrail uses this software in various places and has extensively reviewed and researched this issue.


As a solution we updated all the relevant projects to the latest Log4J version 2.17. In addition, we have implemented a proxy rule to scan and if required block incoming traffic from the Internet.


MAINTENANCE NOTIFICATION

We would like to inform you about an update on our SFTP cipher suite:

To keep up with the highest security standards Onetrail has changed the number of SFTP cipher suites on our Production TPN- platform.

On the environments we will no longer support these two SFTP cipher suites.:

  *   arcfour128
  *   arcfour256

To keep your systems running smoothly make sure you use one of the following supported SFTP cipher suites that remain applicable and secured:

  *   aes256-ctr
  *   aes192-ctr
  *   aes128-ctr
  *   aes256-cbc
  *   aes192-cbc
  *   aes128-cbc
  *   blowfish-ctr
  *   blowfish-cbc


No special maintenance work is planned.

Regular updates are performed during our weekly maintenance window every Monday from 19.00 till 21.00 hour CET.


  • No labels