Current status on Meltdown & Spectre Patches?

Christopher Fani January 10, 2018

Atlassian has acknowledged the security vulnerabilities and, as of last week, has begun implementing patches to AWS Linux and other OSs.  Has anyone heard of a more recent status/progress or milestones?  I have not received a response to any followups.    

3 answers

1 vote
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 10, 2018

Hi Christopher,

In regards to the current impact of Spectre and Meltdown, as our applications are hosted under the AWS services, you can see the following statement:

The vulnerability is expected to be patched via an incoming kernel update that will be announced for Ubuntu (Ubuntu Security Announcement) Also, our persistence tiers run as managed AWS services, so those have either already been upgraded transparently or will be updated during their next maintenance windows.

If you have any questions or need any further assistance, please just respond back to this thread.

Regards,

Shannon

0 votes
sysadmin January 16, 2018

Hi what about on premise hipchat appliance?

Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2018

Hi there,

The answer I gave previously is for our Cloud products.

If you're hosting HipChat on your own servers, then you will need to speak to your IT team in order to assess your environment for any risks.

Have a look at this blog post:

If you are running Atlassian Server or Data Center products, we recommend assessing your own IT environment for risks associated with these vulnerabilities. This includes browsers, operating systems and virtual computing infrastructure. 

Let me know if you have any questions.

Regards,

Shannon

ryebenedict
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2018

Ahoy from HipChat!

I did a quick check with our Hipchat Data Center/Server Team and, at the moment, our security team is aware of the issues and are currently investigating any potential impact to our products.

As Shannon mentioned, you can check with your IT team to update your infrastructure against these vulnerabilities, but will need to wait for a new release to update the operating system underlying Hipchat. (You can check out this Blog post to get an idea how these patches are applied from an infrastructural perspective.)

Rest assured, we've definitely got our sights on this vulnerability and are making sure we can safeguard our HipChat Data Center/Server customers from any potential risks. :)

With Kind Regards,

--- Ryan Benedict
HipChat Cloud Support

0 votes
Christopher Fani January 11, 2018

Thank you Shannon.  

Suggest an answer

Log in or Sign up to answer