Engine Yard Release Updates November 2013

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Security Hotfix: Engine Yard Gentoo 2009 stack upgrade

November 22nd, 2013

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment. After upgrading, deploy to ensure your apps are running on the new Ruby version.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Updates Ruby 1.9.3 to patch 484 and Ruby 2.0.0 to patch 353. These updates resolve a heap overflow vulnerability identified in CVE-2013-4164.
  • No upgrades will be released for Ruby 1.8.7 or earlier. These versions are End-of-Life and no longer supported. We highly recommend that you upgrade to Ruby 1.9.3 or later.

Security Hotfix: Engine Yard Gentoo 12.11 stack upgrade

November 22nd, 2013

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment. After upgrading, deploy to ensure your apps are running on the new Ruby version.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 12.11" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Updates Ruby 1.9.3 to patch 484 and Ruby 2.0.0 to patch 353. These updates resolve a heap overflow vulnerability identified in CVE-2013-4164.
  • No upgrades will be released for Ruby 1.8.7 or earlier. These versions are End-of-Life and no longer supported. We highly recommend that you upgrade to Ruby 1.9.3 or later.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.
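
A check you can run after deploying to confirm the interpreter is at or above the patch levels listed in the two Ruby hotfixes above. This is an added example, not Engine Yard code; the function names and sample banners are constructed for illustration, and any version the note does not mention is reported as unknown.

```ruby
# Added example: classify a Ruby build against the patch levels this
# release note names as fixing CVE-2013-4164.

# Minimum patched patch level per release series, taken from the note.
PATCHED_LEVEL = { "1.9.3" => 484, "2.0.0" => 353 }.freeze

# Returns :patched, :vulnerable, :eol or :unknown.
def cve_2013_4164_status(version, patchlevel)
  parts = version.split(".").map(&:to_i)
  # Ruby 1.8.7 and earlier are End-of-Life and receive no fix.
  return :eol if (parts <=> [1, 8, 7]) <= 0

  minimum = PATCHED_LEVEL[version]
  # Series the note does not cover, or builds without a patch level
  # (dev builds), are not judged here.
  return :unknown if minimum.nil? || patchlevel.nil?

  patchlevel >= minimum ? :patched : :vulnerable
end

# Classify the first line of `ruby -v` output, e.g. collected per instance.
# Only MRI banners ("ruby X.Y.ZpNNN ...") are recognised.
def status_from_banner(banner)
  m = banner.match(/\Aruby (\d+\.\d+\.\d+)(?:p(\d+))?/)
  return :unknown unless m

  cve_2013_4164_status(m[1], m[2] && m[2].to_i)
end

if __FILE__ == $PROGRAM_NAME
  # Status of the interpreter running this script.
  puts "this interpreter: #{cve_2013_4164_status(RUBY_VERSION, RUBY_PATCHLEVEL)}"

  # Constructed sample banners (not captured from real instances).
  [
    "ruby 1.9.3p448 (2013-06-27) [x86_64-linux]",
    "ruby 1.9.3p484 (2013-11-22) [x86_64-linux]",
    "ruby 2.0.0p353 (2013-11-22) [x86_64-linux]",
    "ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]"
  ].each { |b| puts "#{status_from_banner(b)}\t#{b}" }
end
```

Run it with the same Ruby your application uses (for example from the app's current release directory) so the result reflects the deployed interpreter rather than a system Ruby.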

Security Hotfix: Nginx security vulnerability

November 21st, 2013

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

We fixed the CVE-2013-4547 Nginx security vulnerability with today's stack upgrades.

Note: If you have not added a deny all; to your config, you most likely are not affected. The default Engine Yard config does not use the affected workflow. See below for details.

Hotfix: Engine Yard Gentoo 2009 stack upgrade

November 21st, 2013

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Updates Nginx to 1.2.9 to address the CVE-2013-4547 vulnerability.
  • Corrects Puma and Thin installs that were using the incorrect Nginx version.

Hotfix: Engine Yard Gentoo 12.11 stack upgrade

November 21st, 2013

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 12.11" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Minor: Engine Yard Gentoo 2009 stack upgrade

November 19th, 2013

Action: You automatically apply these changes the next time you click the Upgrade button for your environment.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • New Relic and Nginx now report more accurate processing time for Unicorn and Puma (no longer includes the inbound transit time, which can be substantial from mobile devices).
  • Fixes an issue where the monitoring endpoint client could not be stopped or restarted.

Minor: Engine Yard Gentoo 12.11 stack upgrade

November 19th, 2013

Action: You automatically apply these changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have two Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 12.11" stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • New Relic and Nginx now report more accurate processing time for Unicorn and Puma (no longer includes the inbound transit time, which can be substantial from mobile devices).
  • Fixes an issue where restarting PHP apps for New Relic integration was breaking Chef runs on Database and Utility instances.

General Availability: Managed Support

November 13th, 2013

Action: You can check out the available Support Plans today.

We are very happy to announce a new support tier called Managed Support. Engine Yard now has three tiers of support:

  • Standard Support: Our team assists you during business hours with planning, deploying and managing your running applications.
  • Premium Support: Available 24x7 and includes additional proactive services such as setting up customized alerting and communications plans (for example, PagerDuty).
  • Managed Support: Provides a wide range of white-glove services where Engine Yard is actively involved in managing your running application on your behalf. Managed Support also has additional flexibility to handle unique customer requirements.

What’s new is that now, for the first time, we will offer the Managed Support tier to customers using Engine Yard on AWS (and, in the future, for Engine Yard on Windows Azure too).

Note: For clarity, the product formerly known as Engine Yard Managed is now Engine Yard on Terremark and will continue to be offered only on our highest service tier: Managed Support.

For more information, see the Engine Yard Support Plan Summary or contact Engine Yard Support.

Early Access: Termination Protection

November 6th, 2013

Action: This is an optional Early Access release. No action required.

We are happy to announce the availability of this early access feature: termination protection.

This feature allows you to require a password re-entry when a user wants to terminate an instance or stop an environment.

For more information, see the doc: Use Termination Protection on Engine Yard.


If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.

Comments

  • Permanently deleted user

    EY,

    Thanks for adding this. Definitely want to make sure folks are careful.

    Regards,

    Hank

  • Christopher Bailey

    Can you provide details on, "New Relic and Nginx reports more accurate processing time for Unicorn and Puma (no longer includes the inbound transit time, which can be substantial from mobile devices)."? I'm wondering if you've changed X-Queue-Start (or similar header) to use ${msec} instead of the old start time? We've been doing this in a custom chef recipe for a while, so I'm trying to see if I can remove ours. I'm not finding what you might have changed or any reference to msec outside of our custom proxy.conf, so am unclear on what specifically EY changed here.

  • Permanently deleted user

    Hi Christopher. We are now using msec and the change is in proxy.conf. Could you please open a support ticket if you want more info?

    Thank you,

    -diana

  • Christopher Bailey

    Thanks Diana, I just verified that (removed our custom recipe and see your proxy.conf is identical to what we had).
