Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#3189 closed task (fixed)

Upgrade Nexus to v3.68.1 or later

Reported by: juanluisrp Owned by: robe
Priority: critical Milestone: Sysadmin Contract 2024-I
Component: SysAdmin/Repo Keywords:
Cc:

Description

A critical security vulnerability has been discovered in Nexus (CVE-2024-4956). The vulnerability has been fixed in Nexus v3.68.1.

Change History (11)

comment:1 by juanluisrp, 2 months ago

Owner: changed from jive to robe

comment:2 by robe, 2 months ago

Milestone: UnplannedSysadmin Contract 2024-I

comment:3 by robe, 2 months ago

Will start the process of upgrade shortly

comment:4 by robe, 2 months ago

Resolution: fixed
Status: newclosed

Upgrade complete.

comment:5 by jive, 2 months ago

Thanks, does anyone have time to rotate credentials (secrets / passwords)?

comment:6 by jive, 2 months ago

There are 4 build server users to contact ...

  • postgisbuild
  • gsdocker
  • gsbuild
  • gnbuild

comment:7 by jive, 2 months ago

I have sent email to the respective contact people for those build users. Not sure if we can do anything more than that?

If we feel more strongly I could reset the passwords (breaking the build servers) and wait for the respective teams to contact us?

comment:8 by juanluisrp, 2 months ago

Updated gnbuild password.

comment:9 by jive, 2 months ago

Updated the gsbuild password

comment:10 by robe, 2 months ago

I have updated postgisbuild password.

comment:11 by weskamm, 2 months ago

I have updated the password for gsdocker

Note: See TracTickets for help on using tickets.