Engine Yard Developer Center

Engine Yard Release Updates February 2013

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Hotfix: Rails and JSON vulnerabilities

February 12th, 2013

Action: You should upgrade your cookbooks, Rails, and JSON for increased security.

We updated Ruby 1.9.3 to p385 to address the issues described in the Rails and JSON vulnerabilities security update.

Today's stack upgrade removes the vulnerable JSON version shipped with Ruby 1.9.3. If you have a vulnerable version installed as a gem, you still need to update your Gemfile or installed gems; see the security update for specific details.

We understand that you may not be able to upgrade your cookbooks at this time (or may choose not to), or that you may not be using Bundler. In these cases, implement one of the workarounds described in the workaround section of the security update.

Note: Ruby 1.9.3 has been updated with this hotfix; we will update others (Ruby 1.9.2, Rubinius, JRuby) as soon as possible.

Minor: Engine Yard Cloud stack upgrade

February 12th, 2013

Action: You automatically apply these changes the next time you click the Upgrade button for your environment.

Action: If you are running PostgreSQL, you should upgrade to the new version for better security.

  • Adds swap partitions to AWS instances that do not automatically come with one.
  • Adds Riak Search functionality.
  • Upgrades PostgreSQL versions to 9.2.3 and 9.1.8. These updates fix a denial-of-service (DoS) vulnerability.

    Note: You should update your PostgreSQL installations as soon as possible. For more information, see PostgreSQL 9.2.3, 9.1.8 released.

  • Bumps Ruby 1.9.3 to p385. See today's hotfix for more information.

Hotfix: Corrects Chef run failures after stack upgrade

February 7th, 2013

Action: You automatically apply these changes the next time you click the Upgrade button for your environment.

This hotfix corrects sites affected by today's known issue with Chef runs. Today's stack upgrade corrects the issue:

  • The recipe takes stronger measures to ensure the collector has been stopped before installing the upgrade.

Minor: Engine Yard Cloud stack upgrade

February 6th, 2013

Action: You automatically apply these changes the next time you click the Upgrade button for your environment.

  • Fixes issues with Chef 10 stack (Limited Access release) that caused Unicorn and PHP installation issues.
  • Fixes GitHub unavailability issue that blocked installation of Node.js configuration dependencies.
  • Fixes replica (slave) backup issues for PostgreSQL; as of this stack update, only one replica (slave) will be backed up.
  • Sets the application name to instance ID for synchronous replication in PostgreSQL 9.1.x and later versions.
  • Resolves AppFirst collector issue (related to HAProxy).
  • Fixes issue where HAProxy hangs after upgrade (affected <1% of users).
