Developer Center

Severin Discher Jan 27 5 News and Notes / Security Updates

February 10, 2015: 1:45pm PT

A patch for v2 (2009a) is now available via the methods described in the February 2nd update.  

This concludes the planned development work to mitigate risk for CVE-2015-0235.  If you have any questions on how to apply the patch to your system, please do not hesitate to inform an Application Support engineer via our ticketing system.

February 6, 2015: 11:36am PT

The v2 (2009a) patch is still progressing through the QA process and is not yet ready for distribution, however we expect a release shortly.  

February 2, 2015: 3:20pm PT

The patch is fully ready for customers on 2012.11 to apply to their environments. Customers on 2009a will have a release later this week.

Once the Upgrade button on your environment’s dashboard becomes available, please click it to receive the patch. However, this will not purge the vulnerability from your environment(s). Once the upgrade process is complete, perform one of the following (listed in recommended preference order):

Simple, quick, with some downtime -Terminate and rebuild the environment using the most recent snapshot to fully purge the vulnerable software from all involved instances.

Maximized uptime -

* Cycle Application slave and utility instances (add new instance, then remove the older one, for each existing instance)
* Promote one Application slave to master
* Remove all existing DB slaves, making note of any names
* Add new DB slave, and wait for it to catch up to master
* Promote DB slave to master (this is the only step that results in downtime)
* Add back in DB slaves, using the previous names if applicable

NOTE: This requires a cluster setup -- those using single server setup will need to use one of the other methods.

Where speed is the most important - Disable takeover functionality, then manually reboot all instances simultaneously within the environment.
* Schedule a time where a short duration of downtime can be tolerated
* Edit environment and change the Takeover Preference to Disabled
* Save the environment change, then click Apply.
* Wait for Apply to complete.
* Log into each instance and reboot simultaneously: sudo shutdown -r now
* Wait for the instances to reboot and confirm your app is working
* If there are any issues after the reboot, click apply and re-deploy your app
* Open a support ticket if you need further assistance
* Finally, edit the environment to restore your Takeover Preference to its previous value, save, then click Apply.

If absolute minimum downtime required and fully comfortable with linux process management - Manually kill and restart selective processes running the old software by checking for them using `lsof | grep DEL.*lib.*\.so | awk '{print $2, $1}' | sort -un`

We understand these options are delicate to your operations. If you have questions, issues, or are not comfortable performing the above steps then please let us know via a support request. Our Application Support engineers are available to assist however possible.

January 29, 2015: 1:50pm PT

We have prepared a patch for manual installation, however the Cloud dashboard’s ‘Upgrade’ button can be invoked early next week to automatically install the patch for you.  We advise waiting until this function is ready for use.  This will need to be applied to all existing environments.

For assistance with the manual installation to your environment(s), please open or update your support ticket and an Application Support engineer will be happy to help.  

January 28, 2015: 4:16pm PT

A patch has been prepared and will be ready via the Cloud ‘Upgrade’ button tomorrow after the remaining preparation work has been completed.  We are satisfied with the testing results and the minimal changes to glibc.  

Please note due to the significant impact glibc has on the operating system, customer environments will need to be fully restarted shortly after the upgrade in order to ensure all vulnerable processes and services have been ended and brought up on the patched version.

Further instructions will follow once the patch is deployed.

January 28, 2015: 6:12am PT

Our engineers have made significant progress testing the patch and preparing a deployment plan. We expect to have another update on this event within the next couple hours.

January 27, 2015: 6:40pm PT

We are still working on a tested patch to mitigate this vulnerability. We will continue to update this article as work progresses internally.

January 27, 2015: 2:30pm PT

We are aware of a new vulnerability regarding glibc’s gethostbyname function (CVE-2015-0235).Many involved functions and local services are affected.  We are researching and testing these reports to determine the severity and scope of impact within Engine Yard’s infrastructure and hosted services.  

We will update this post again as details come available.  We recommend subscribing to this feed via the blue ‘Subscribe’ button once logged into Engine Yard’s Developer Center to receive email notifications of updates.  

Zhen Yin Jan 5 News and Notes / Announcements

We are happy to announce that Amazon S3 is now available on the Engine Yard platform.

You can now easily setup AWS S3 cloud storage buckets for use with your Engine Yard application. Simply log into the Engine Yard console and select "Cloud Storage" from the "Tools" drop down. From here you can setup storage buckets and configure users and permissions for all of our supported AWS regions. All charges for usage of AWS S3 will be added to your invoice under the "AWS Other Services". For more information, please see the Knowledge Base document here


Jamie Miller May 3, 2013 3 News and Notes / Announcements

We are happy to announce that Engine Yard Cloud customers can now file tickets directly from the Engine Yard Cloud dashboard. 

By clicking on the "File a Ticket" link,  in the right-hand corner, a ticket submission screen will now pop up. 


You will be able to file your ticket here, and then continue back to your dashboard, without having to navigate to the ticketing system directly. 


Upon completion of the form, you will receive an email confirmation with your ticket link.  

Note: Don't forget to search our documentation, too! Your question may already have an answer. 

Jamie Miller May 10, 2012 2 News and Notes / Help Desk Basics

Updated: January 11th, 2013

Do you want to know when new features are planned or when new release notes are published? Do you want to try out the latest Rails? Are you interested in learning how to customize your environment with Chef? Do you participate in our Community forum discussions?

If so, you should subscribe to our forums! By subscribing to the forums, you receive an email each time a new topic is created or an update has been made to an existing topic. (This feature works just like the "Subscribe" feature for ticket updates.)

You can subscribe in two ways:

  1. Subscribe to the entire forum. (In the example below, you would subscribe to receive emails alerting you of any new topics and any comments in any of the topics under the "Engine Yard Cloud Release Notes" forum.
  2. Subscribe to a specific topic. (In the example below, you would chose which topics in that forum you would like to subscribe to. For instance, you can choose to subscribe only to the "Engine Yard Cloud updates May 2012" topic.

Now it is extremely easy to be aware of all updates — in real time.

To subscribe via email:

  1. Click on the forum group, or the individual forum topic, that you want to receive updates about.
  2. Click on the  icon.

    You will begin to receive email notifications for forum activity effective immediately.


To subscribe via RSS feed:

If you would like to subscribe to a forum or topic via RSS feed, it is simply the forum url with .rss appended to it.  

For instance, if you would like to subscribe to the Known Issues forum, you would just subscribe to: 

If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.

Jamie Miller May 19, 2010 News and Notes / Announcements

Once your ticket has been solved, you will receive an email with a link to our 10 second survey.

We appreciate your feedback! 




Overview | Recent