Acquia security update list

This article is a list of critical updates performed on the Acquia platform, which in general have required major patches and customer notifications.

If you have specific questions about a particular vulnerability in this list and its status on the Acquia platform, contact Acquia Support.

Current events

The following events are ongoing, and have not yet been completed:

Date Vulnerability Maintenance status
18 Aug 2015 Acquia Cloud Enterprise security updates August 2015 Acquia Cloud Enterprise security maintenance

Recent events

This is a list of recent events that have required customer action, or emergency maintenance of Acquia systems. These events have generally occurred in the last six months. For events older than six months, review the table of Archived events.

Date Vulnerability Maintenance status
15 March 2015 SMACK TLS & other OpenSSL Completed
3 March 2015 SSL/TLS FREAK Vulnerability Not vulnerable
October 2014 MySQL vulnerabilities Under evaluation

Archived events

This table is an archival list of critical updates performed on the Acquia platform. In general, these notifications required major patches and customer notifications. If you have specific questions about a particular vulnerability in this list and its status on the Acquia platform, contact Acquia Support.

Date Vulnerability Mitigation
April 2015 Upgrade Ubuntu Lucid (10.04) to Precise (12.04) Upgrades completed
18 December 2014 GitHub 2.2.1 security vulnerability Acquia applied required patches
9 December 2014 TLS vulnerability Acquia servers not vulnerable
15 October 2014 Drupal 7.x SA-CORE-2014-005 Temporary mitigation applied to servers, customers supplied with upgrade instructions
14 October 2014 POODLE SSL 3.0 disabled across Acquia platform on 14 October 2014
24 September 2014 Shellshock Acquia applied required patches: GNU Bash on 24 September 2014 and Ubuntu on 9 October 2014
8 July 2014 Service disruption during 1.78 release Race condition corrected, release deployment completed 8 July 2014
6 June 2014 Ubuntu security updates Patches completed by Acquia on 6 June 2014
5 June 2014 OpenSSL TLS MITM Patches completed by Acquia on 5 June 2014
7 April 2014 Heartbleed Patching completed by Acquia on 7 April 2014, instructions for customer updates supplied