Ops One AG platform status and maintenance announcements. Times are indicated in local Swiss time. https://opsone.ch/.
All systems are operational
Scheduled Maintenance
Managed Server 9: glibc security update

We will update the following packages to the latest version:

  • libc6-dbg/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc6-dev/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc6/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc-bin/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc-dev-bin/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc-devtools/stable-security 2.36-9+deb12u6 amd64 [upgradable from: 2.36-9+deb12u4]
  • libc-l10n/stable-security 2.36-9+deb12u6 all [upgradable from: 2.36-9+deb12u4]

To load the new library version, all affected servers will reboot after the package was updated.

Start maintenance window: 25/04/2024 23:00
Stop maintenance window: 26/04/2024 02:00

Managed Server 8: glibc security update

We will update the following packages to the latest version:

  • libc-bin/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]
  • libc-dev-bin/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]
  • libc-devtools/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]
  • libc-l10n/oldstable-security 2.31-13+deb11u9 all [upgradable from: 2.31-13+deb11u8]
  • libc6-dbg/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]
  • libc6-dev/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]
  • libc6/oldstable-security 2.31-13+deb11u9 amd64 [upgradable from: 2.31-13+deb11u8]

To load the new library version, all affected servers will reboot after the package was updated.

Start maintenance window: 25/04/2024 23:00
Stop maintenance window: 26/04/2024 02:00

Debian Updates: Managed Server 9

We will update the following packages to the latest version.

  • docker-ce/bookworm 5:26.1.0-1~debian.12~bookworm amd64 [upgradable from: 5:26.0.2-1~debian.12~bookworm]
  • docker-ce-cli/bookworm 5:26.1.0-1~debian.12~bookworm amd64 [upgradable from: 5:26.0.2-1~debian.12~bookworm]
  • docker-ce-rootless-extras/bookworm 5:26.1.0-1~debian.12~bookworm amd64 [upgradable from: 5:26.0.2-1~debian.12~bookworm]
  • locales/stable-security 2.36-9+deb12u6 all [upgradable from: 2.36-9+deb12u4]
  • openjdk-17-jre-headless/stable-security 17.0.11+9-1~deb12u1 amd64 [upgradable from: 17.0.10+7-1~deb12u1]
  • openjdk-17-jre/stable-security 17.0.11+9-1~deb12u1 amd64 [upgradable from: 17.0.10+7-1~deb12u1]

Start maintenance window: 29/04/2024 23:00
Stop maintenance window: 30/04/2024 02:00

Debian Updates: Managed Server 8

We will update the following packages to the latest version.

  • docker-ce-cli/bullseye 5:26.1.0-1~debian.11~bullseye amd64 [upgradable from: 5:26.0.2-1~debian.11~bullseye]
  • docker-ce-rootless-extras/bullseye 5:26.1.0-1~debian.11~bullseye amd64 [upgradable from: 5:26.0.2-1~debian.11~bullseye]
  • docker-ce/bullseye 5:26.1.0-1~debian.11~bullseye amd64 [upgradable from: 5:26.0.2-1~debian.11~bullseye]
  • locales/oldstable-security 2.31-13+deb11u9 all [upgradable from: 2.31-13+deb11u8]

Start maintenance window: 29/04/2024 23:00
Stop maintenance window: 30/04/2024 02:00

Debian Updates: Managed Server 7

We will update the following packages to the latest version.

  • docker-ce/buster 5:26.1.0-1~debian.10~buster amd64 [upgradable from: 5:26.0.2-1~debian.10~buster]
  • docker-ce-cli/buster 5:26.1.0-1~debian.10~buster amd64 [upgradable from: 5:26.0.2-1~debian.10~buster]
  • docker-ce-rootless-extras/buster 5:26.1.0-1~debian.10~buster amd64 [upgradable from: 5:26.0.2-1~debian.10~buster]

Start maintenance window: 29/04/2024 23:00
Stop maintenance window: 30/04/2024 02:00

Past Incidents

Tuesday 29th January 2019

NextCloud Update v15.0.2, scheduled 5 years ago

We will update NextCloud to Version v15.0.2. We expect a downtime of ~10 minutes.

Start maintenance window: 29/01/2019 00:00 CEST
Stop maintenance window: 29/01/2019 02:00 CEST

Thursday 17th January 2019

Managed Server Version 5 & 6: TLS/SSH Diffie-Hellman group updated, scheduled 5 years ago

In course of our half-yearly security checks, we updated the globally used Diffie-Hellman group to a new set for TLS and SSH.

Wednesday 16th January 2019

Managed Server Version 6: Add Support for Solr 7 and Remove Outdated Solr Versions
  • added support for Solr 7, see documentation for details
  • removed support for Solr 5
  • removed support for Solr 4
  • removed tomcat service which is not used anymore

Reference #498

Tuesday 15th January 2019

No incidents reported

Monday 14th January 2019

Managed Server Version 6: Website Service: Enable ModSecurity in DetectionOnly Mode

So far, there was no web application firewall on generation 6 servers, as we had yet to lay some groundwork before. With this change, we will enable ModSecurity and load the OWASP core set, please see the detailed changes below:

  • update nginx to the latest stable version 1.14.2
  • load ModSecurity base configuration
  • load OWASP core rule set
  • enable ModSecurity in DetectionOnly mode (= logging only)
  • detected requests are logged into the ModSecurity audit log at /var/log/nginx/modsecurity.log (accessible via devop user)

Next steps:

  • we will analyze all audit logs and take appropriate actions if required
  • we might contact you over the next 2 weeks to discuss required changes on our or your end if required
  • we're going to activate blocking mode (switch engine from DetectionOnly to on) on Monday, January 28th

Reference: #291

Sunday 13th January 2019

No incidents reported

Saturday 12th January 2019

No incidents reported

Friday 11th January 2019

No incidents reported