SA-CORE-2018-005, CVE-2018-14773: Infrastructure Mitigation
Incident Report for amazee.io
Resolved
Mitigations have been rolled out to our Lagoon clusters and all of the legacy platform.
Posted 17 days ago. Aug 02, 2018 - 01:38 CEST
Update
We are continuing to work on a fix for this issue.
Posted 17 days ago. Aug 02, 2018 - 01:13 CEST
Update
We are continuing to work on a fix for this issue.
Posted 17 days ago. Aug 02, 2018 - 01:00 CEST
Identified
We are working on an infrastructure mitigation for SA-CORE-2018-005 (https://www.drupal.org/SA-CORE-2018-005), also known as CVE-2018-14773 (https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers)
Posted 17 days ago. Aug 02, 2018 - 00:25 CEST
This incident affected: Switzerland (zh1.cluster, zh1.single, zh2.single, zh1.compact, zh2.cluster, zh2-compact, ch1.lagoon), General (API, Deployment Infrastructure, Nameservers, dev1.compact), USA (us2.compact, us1.lagoon), Germany (de1.compact), Finland (fi1.compact), United Kingdom (uk1.compact, uk2.compact), South Africa (sa1.compact), and on-premise servers.