Stackato 2.10.6 Ruby Security Patch

Posted by lorned on 2014-01-22 12:19
OS: All / Any | Product: Stackato | tags: 2.10.6 patch ruby Security stackato
Question: 

I notice that ruby released a critical security update recently. Is stackato impacted by this?

Answer: 

Stackato is indeed affected by this. A patch has been generated and is available via 'kato patch'. As always this can be installed via 'kato patch status' followed by 'kato patch install.

Notes: This patch downloads a 50 MB tar file from our public download site, and will do so on every node in your cluster. This file will be removed once the patch is installed.

Additionally, this patch will restart EVERY role on EVERY node on your cluster as stackato makes significant use of ruby in a number of places. The outage shouldn't last more than a minute for each node though this might vary slightly depending on your IaaS solution.