Time: June 14, 2024, 2:09 p.m.

Status: Resolved

Update: For dedicated stacks only, <a href="https://www.aptible.com/docs/core-concepts/apps/deploying-apps/image/deploying-with-git/overview">git-based deployments</a> were not streaming logs about the deployment operation activity as they normally do. The deploy operations were running normally in the background but not streaming live logs to the CLI. This incident impacted git-based deploys from the CLI between June 14th, 5:44 AM UTC, and June 14th, 1:45 PM UTC. Our team has applied a fix, which has resolved the issue. Please contact our <a href="https://contact.aptible.com/">Support Team</a> if you have additional questions.

Time: May 7, 2024, 12:54 a.m.

Status: Resolved

Update: We are notifying our users of an issue where some metrics are not available on the Aptible Dashboard (app.aptible.com) for the period between May 5, 2024, 18:54 UTC and May 6, 2024, 22:50 UTC. We want to assure you that this does not affect the functionality of <a href="https://www.aptible.com/docs/metric-drains">Aptible Metric Drains</a>. If you have any concerns or require further assistance, please do not hesitate to reach out to our <a href="https://contact.aptible.com/">support team</a>.

Time: April 1, 2024, 8:18 p.m.

Status: Resolved

Update: Aptible is aware of <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-3094">CVE-2024-3094</a>, a critical vulnerability in XZ Utils, specifically affecting versions 5.6.0 and 5.6.1, with a CVSS score of 10, indicating a severe level of risk. This vulnerability results from a supply chain compromise and is present in data compression software widely used across major Linux distributions. The malicious code discovered in the affected versions allows for unauthorized system access, posing a significant security threat. The Aptible platform and services do not utilize the affected software versions and are not impacted. Aptible customers are urged to evaluate dependencies in their Docker Images and other systems and patch as needed urgently to mitigate the risk associated with this vulnerability. Given the scope and severity of the CVE, our security team continues to monitor the situation actively. If you have any concerns or questions, please contact the <a href="https://www.aptible.com/docs/support">Aptible Support team</a>.

Time: Feb. 1, 2024, 12:03 a.m.

Status: Resolved

Update: We have proactively addressed a recent security vulnerability identified as "Leaky Vessels," a container breakout issue affecting runc versions up to 1.1.11. This vulnerability had the potential to allow unauthorized access to the host OS from containers. Our team has promptly updated our systems, including all instances of runc to the secure version, to ensure the highest level of security for our platform and your services. This update mitigates the risks associated with this vulnerability. The following CVEs have been addressed on our platform: - CVE-2024-21626: <a href="https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/">runc process.cwd & leaked fds container breakout</a> - CVE-2024-23651: <a href="https://snyk.io/blog/cve-2024-23651-docker-buildkit-mount-cache-race/">Buildkit Mount Cache Race</a> - CVE-2024-23653: <a href="https://snyk.io/blog/cve-2024-23653-buildkit-grpc-securitymode-privilege-check/">Buildkit GRPC SecurityMode Privilege Check</a> - CVE-2024-23652: <a href="https://snyk.io/blog/cve-2024-23652-buildkit-build-time-container-teardown-arbitrary-delete/">Buildkit Build-time Container Teardown Arbitrary Delete</a> We assure you that our swift actions have kept our systems, and consequently your services, secure and unaffected by this vulnerability. We remain committed to maintaining the highest security standards and will continue to monitor and update our systems to safeguard your data and services. For more detailed information about this topic, you can refer to the Snyk blog post: https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/

Time: Jan. 23, 2024, 8:11 p.m.

Status: Resolved

Update: This incident has been resolved.

Time: Jan. 23, 2024, 5:40 p.m.

Status: Monitoring

Update: For a small number of apps and databases deployed, restarted, or scaled since Friday, Jan 19th 16:00 UTC, metrics were missing from the Aptible Dashboard metrics view. There is no other impact; a fix is rolling out for metrics for those apps and databases, and this incident will be resolved once the fix has been completed.