Acquia security update list
This article is a list of critical updates performed on the Acquia platform, which in general have required major patches and customer notifications.
If you have specific questions about a particular vulnerability in this list and its status on the Acquia platform, contact Acquia Support.
The following events are ongoing, and have not yet been completed:
|18 Aug 2015||Acquia Cloud Enterprise security updates||August 2015 Acquia Cloud Enterprise security maintenance|
This is a list of recent events that have required customer action, or emergency maintenance of Acquia systems. These events have generally occurred in the last six months. For events older than six months, review the table of Archived events.
|3 March 2015||SSL/TLS FREAK Vulnerability||Not vulnerable|
|October 2014||MySQL vulnerabilities||Under evaluation|
This table is an archival list of critical updates performed on the Acquia platform. In general, these notifications required major patches and customer notifications. If you have specific questions about a particular vulnerability in this list and its status on the Acquia platform, contact Acquia Support.
|15 March 2015||SMACK TLS & other OpenSSL||Completed|
|April 2015||Upgrade Ubuntu Lucid (10.04) to Precise (12.04)||Upgrades completed|
|18 December 2014||GitHub 2.2.1 security vulnerability||Acquia applied required patches|
|9 December 2014||TLS vulnerability||Acquia servers not vulnerable|
|15 October 2014||Drupal 7.x SA-CORE-2014-005||Temporary mitigation applied to servers, customers supplied with upgrade instructions|
|14 October 2014||POODLE||SSL 3.0 disabled across Acquia platform on 14 October 2014|
|24 September 2014||Shellshock||Acquia applied required patches: GNU Bash on 24 September 2014 and Ubuntu on 9 October 2014|
|8 July 2014||Service disruption during 1.78 release||Race condition corrected, release deployment completed 8 July 2014|
|6 June 2014||Ubuntu security updates||Patches completed by Acquia on 6 June 2014|
|5 June 2014||OpenSSL TLS MITM||Patches completed by Acquia on 5 June 2014|
|7 April 2014||Heartbleed||Patching completed by Acquia on 7 April 2014, instructions for customer updates supplied|