Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Each month Eficode does a monthly maintenance break at a predetermined time window. While we aim for continuous delivery, during the maintenance break the services might be down. During these breaks we install all security patches (if they haven't been installed earlier) and upgrade service components to new versions. We sends a list of changes a week before scheduled maintenance to listed persons. 

Example of the e-mail

   planned for the upcoming Root-platform monthly maintenance break:
  
- Artifactory update to version 6.13
- Confluence DC relocation Jenkins version 21902 LTS Jenkins Pipeline componentsJenkins Security Jenkins SonarQube plugin updates:
  * SonarC#
  * SonarHTML
  * SonarPython
- patches for all    downtime for Confluence about 1 hour the break window   our  blog post at https://www.eficoderoot.com/blog/whats-new-this-november

Hi,

  
Following operations and changes have been

planned for the upcoming <Service> monthly maintenance break:
  
- Product XXX update to version X.XX
- Service YYY migration to a clustered server set up
-

Server ZZZ major update to

version X.

XXX.

X LTS
-

Product XXX plugin updates:
  *

Update plugin X1
  * Security updates (

Product security advisory)
  * Other recommended updates (Eficode

baseline)
-

Operating system distribution security updates and

patches for all server systems

  
Estimated

downtime for <Service> due to the relocation and cluster set up is

about 1 hour. We will add a notification banner to the system to inform end users of the reduced service availability during

the break window.

  
* * *
Check out

our "What's new"

 blog post at <url>

Additionally we release our change highlights in our website websites e.g. https://www.eficoderoot.com/release-notes/ 

...

Eficode follows the public and private streams for security related to your ROOT environmentall environments. When we gain information on a vulnerability we inform our customers on a patch moment the exact time the patch time or mitigation that has been applied. If the problem is not catastrophic we aim to run install these after business hours around 18:00-20:00 of EET.   We sends an also send a list of changes ASAP before to listed relevant persons. 

Examples of the emails

Mitigation

security
vulnerabilities Atlassian Jira CVS201915001 and
Atlassian Jira Service Desk (CVE-2019-14994) these
vulnerabilities mitigation
workaround Atlassian Jira and/or Jira Service
Desk operating environments already prior to this public disclosure.
Starting in October
Jira 8 and Jira Service Desk 4 to
these ROOT

Hello,
 
Regarding the recently released advisories of critical severity

security vulnerabilities discovered in

<Product XXX (

XXX-

2020-

11111)

> and <Product YYY (YYY-2020-22222)>.
 
As an immediate measure, to prevent exploitation of

these vulnerabilities, we have implemented the appropriate

mitigation workaround, as instructed by

<Vendor ZZZ>, to your

<Product XXX> and <Product YYY> environments already prior to this public disclosure.


During <Next Service Break>, we will be rolling out major version updates to

<Product XXX> and <Product YYY>, which will contain permanent patches

to these vulnerabilities.
 
 
Sincerely,

Eficode

Support

Requires immediate patching by upgrading


Atlassian Bitbucket exact
nature and methods for exploitation been
embargoed until public release Atlassian Bitbucket to be
deployed ROOT platform 17th September between 18:00
and 20:00 EEST. Estimated downtime for Bitbucket service is 15 minutesIf this time suitable for downtime for your Bitbucket
serviceThank you.
 
Eficode ROOT

Hello,
 
A security vulnerability of critical severity has been discovered in

<Product XXX>, with all current versions being affected. The

exact nature and methods for exploitation of the vulnerability have

been embargoed and can not be disclosed

until public release.
 

We have scheduled the patched version of

<Product XXX> to be deployed to your

service *today*,

XX of

<Month>,

between hh:mm and hh:mm CET. Estimated downtime for <Product XXX> service is 15 minutes.
 

If this time frame is not

suitable for downtime for your <Product XXX> service, please contact Eficode support to reschedule the patch deployment.
 

Sincerely,
Eficode Support

Fits to

...

the maintenance window

Hello,
 
Regarding the recently released advisory of a critical severity security
security vulnerability discovered in Atlassian Bitbucket <Product XXX> (CVSXXX-20192020-1500011111).
 
Just to let you know, we have already updated your Atlassian Bitbucket
<Product XXX> instance to a patched version 6 X.5X.2X in the scheduled monthly maintenance
maintenance break on 17th XX of September<Month>.
 
 Sincerely,
Eficode ROOTSupport