Updating Cloud Foundry Runtime to mitigate high severity runtimes
Scheduled Maintenance Report for anynines

We successfully upgraded the update. Please inform us via support@anynines.com if you see anything out of the ordinary.

Please note:
- We suggest that you upgrade your cf cli
- If your app uses one of the integrated buildpacks, please verify that your apps are using the correct version of your programming language of choice, especially when using Ruby, as the default buildpack removed support for 2.2.5.

Sven Schmidt
Posted Apr 21, 2017 - 11:23 CEST
We have successfully changed the certificates. We will now continue with upgrading the runtime. Please be aware that not all API functions will be available during the upgrade, but we do not expect app downtimes.
Posted Apr 21, 2017 - 08:46 CEST
In progress

We will now start the upgrade. We will begin by changing the SSL certificates for the a9sapps.eu and a9s.eu domains.

Sven Schmidt
Posted Apr 21, 2017 - 08:03 CEST

To mitigate two High Severity UAA vulnerabilities, we will upgrade all Cloud Foundry components tomorrow. We do not expect downtime, but you may experience one of the following inconveniences during the maintenance:

- Inability to push or restage apps, as the Staging components' auth gets migrated to mutual TLS.
- App instances will be restarted. You should not experience downtime, since the Executors are evacuated before they restart. We still advise you to use at least 2 instances of production apps at all times.
- Depending on your cf cli version, you may need to upgrade your cli. You can always find the last cli version here: https://github.com/cloudfoundry/cli/releases
- Connection rubberbanding while the Routing Components reboot.

UAA vulnerabilities that will be mitigated:
- CVE-2017-4973: Privilege Escalation in UAA: https://www.cloudfoundry.org/cve-2017-4973/
- CVE-2017-4972: Blind SQL Injection in UAA: https://www.cloudfoundry.org/cve-2017-4972/
Posted Apr 20, 2017 - 07:27 CEST