Release 6679: New WAF rules for CVE-2019-8144, potential abuse in the wild detected
In this release we have updated the Hypernode platform with new NGINX rules to block an attack on the Magento Page Builder. Last month with the Magento 2.3.3 and 2.2.10 Security Update a patch was released for a Remote Code Execution (RCE) vulnerability in the Page Builder: PRODSECBUG-2403: Remote code execution through crafted Page Builder […]
Read moreRelease 6675: The app user can now restart php7.3-fpm
When we added PHP 7.3 to Hypernode three weeks ago we forgot to add the privilege for the app user to restart this version. This has now been fixed. The app user can now restart this version of PHP as well. To restart php7.3-fpm on a Hypernode you can run:
1 |
app@83f01a-vdloo-magweb-cmbl:~$ hypernode-servicectl restart php7.3-fpm |
Note that restarting PHP […]
Read moreRelease 6627: The app user can read /etc/redis/redis.conf
It came to our attention that while the /etc/redis/redis-persistent.conf configuration file for the persistent Redis instance was readable by the app user, the default /etc/redis/redis.conf was not. We’ve now changed our configuration management to also make the redis.conf readable. before:
1 2 3 4 5 6 7 8 |
app@pup1w8-vdloo-magweb-cmbl:~$ cat /etc/redis/redis.conf cat: /etc/redis/redis.conf: Permission denied app@pup1w8-vdloo-magweb-cmbl:~$ cat /etc/redis/redis-persistent.conf # See https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf for a documented version of all available options daemonize yes pidfile /var/run/redis/redis-server-persistent.pid ... |
after:
1 2 3 4 5 6 7 8 9 10 11 12 |
app@pup1w8-vdloo-magweb-cmbl:~$ cat /etc/redis/redis.conf # See https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf for a documented version of all available options daemonize yes pidfile /var/run/redis/redis-server.pid ... app@pup1w8-vdloo-magweb-cmbl:~$ cat /etc/redis/redis-persistent.conf # See https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf for a documented version of all available options daemonize yes pidfile /var/run/redis/redis-server-persistent.pid ... |
For more information about our Redis configuration see this article.
Read moreRelease 6626: PHP updates, 7.0.33-12, 7.1.33-1, 7.2.24-1, 7.3.11-1 and 5.6.40-13
As announced on Friday, today we have updated the PHP version in our repositories to the following versions:
1 2 3 4 5 |
7.0.33-11 to 7.0.33-12 7.1.32-1 to 7.1.33-1 7.2.22-1 to 7.2.24-1 7.3.10-1 to 7.3.11-1 5.6.40-12 to 5.6.40-13 |
For details, see the PHP changelog or the Debian PHP Team packaging changelog.
Read moreRelease 6625: Preparing PHP upgrade for CVE-2019-11043
Yesterday a new vulnerability in PHP was disclosed where a specific setting of PHP-FPM, combined with a certain NGINX configuration, could result in the possibility of remote code execution. The Hypernode platform is not vulnerable, because our NGINX configuration does not satisfy the preconditions for this bug to be exploitable. However, to prevent similar attack […]
Read moreRelease 6591: php-xdebug for PHP 7.3 for hypernode-docker
In this release we update the version of php-xdebug in our repositories from 2.6.0+2.5.5-byte2 to 2.7.2+2.5.5-byte3. We updated to this new version in order to add support for the new PHP 7.3 (which since yesterday has also been available in the latest version of the docker). While it is not possible to use php-xdebug on […]
Read moreRelease 6586: PHP 7.3 available on Hypernode
Today we’re making PHP 7.3 available on Hypernode. In yesterday’s changelog some of the changes we did to incorporate this new version into our platform were described, and today we will be adding the option for customers to change to this new version in their production environment. You can switch to this new version of […]
Read moreRelease 6582: Sudo security update CVE-2019-14287
In this release we have updated the sudo package to address CVE-2019-14287. Yesterday a security vulnerability was announced where commands could be made to run as root using sudo if called with a specially crafted user ID. While we were not vulnerable to this attack, we have deployed this update to all Hypernodes, as additional […]
Read moreRelease 6581: Preparing Hypernode for PHP 7.3, Magento 2.3.3 preinstall and sample data
Now that Magento 2.3.3 has been released we have been preparing our platform for supporting PHP 7.3. Magento now officially supports PHP 7.3 since this new version. PHP 7.3 is supposed to be slightly faster than PHP 7.2 for specific work-loads, check out these benchmarks by Phoronix. In order to support this new version of […]
Read moreRelease 6570: php-apcu can be enabled via the hypernode-api
In this release we have added the new functionality of being able to enable the php-apcu PHP module using the hypernode-api. This module is required for running Akeneo and it can also be used by Shopware. We will not enable this module by default as it might get in the way of your Magento performance. […]
Read more