Stackato 2.10.X NodeJS security fix v0.10.21

Posted by lorned on 2013-10-18 17:53
OS: All / Any | Product: Stackato | tags: nodejs patch router Security stackato
Question: 

I saw that NodeJS recently released a critical security patch. Is Stackato effected by this as it uses nodejs for the router component?

Answer: 

Yes, this vulnerability does impact Stackato. We have already generated a patch which will replace the existing Node version with their updated version.

###2.10.4
You can download the patch at http://get.stackato.com/patch/2.10/stackato-2.10.4-nodejs-security-fix.sh. This patch will need to be applied to any nodes running the 'router' role as well as your core role (which acts as a router). The patch can be applied via 'sh stackato-2.10.4-nodejs-security-fix.sh'. After applying this patch you should restart your router role by executing 'kato restart router'.

###2.10.6
This patch is available for 2.10.6 through the kato patch command. You will need to update your manifest via 'kato patch status', and you can install the patch after doing that by executing 'kato patch install'. This patch will require a sudo password, and you should note that it will restart your router.