On March 24th, 2016, we'll be upgrading FogBugz On Demand to version 8.15.469. As usual, we'll upgrade accounts gradually from 1000 EDT (UTC - 4) to 1700 EDT. We do not expect any downtime during this window.
Our previous deploy has been completed successfully.
Two CVEs were announced today and, while public, are currently unpublished: CVE-2016-2324 and CVE-2016-2315. Both affect git and may allow remote code execution. There is currently no public proof of concept exploit available.
We have a few layers of 'special sauce' on top of both git and mercurial which would make successful exploitation exceedingly difficult, but out of an abundance of caution we quickly upgraded to a patched version of git that is not vulnerable.
On March 17th, 2016, we'll be upgrading FogBugz On Demand to version 8.15.434. As usual, we'll upgrade accounts gradually from 1000 EDT (UTC - 4) to 1700 EDT. We do not expect any downtime during this window.
Time for another Fogbugz upgrade. On Thursday, March 10th, we will be upgrading FogBugz to 8.15.374. We'll be upgrading accounts between 11am EST (UTC-5) and 6pm EST (UTC-5). There shouldn't be any downtime during that window. In addition, there will be a per-account schema change run at each account's local midnight. There may be a bit of downtime at that point.
We are aware of an issue impacting Kiln On Demand customers, whereby the SSL certificates used to secure HTTPS repository operations, and domains under kilnhg.com are using an older certificate.
We are currently working to remedy this problem by ensuring all servers have the correct certificate. In the meantime, SSH-based repository operations are unaffected, and customers can use SSH repository URLs to continue working with their repositories securely. Watch this space for an update once everything returns to normal.
Thank you for your patience, and apologies for the inconvenience. As always, please feel free to contact us with any questions.
Update 7:27AM 3/9/2016 ET (12:27PM 9/3/2016 UTC): All Kiln On Demand servers are now showing the correct certificate, and checks passing. If this outage impacted you materially, or if you have any questions, please let us know and we'll make things right.
We're upgrading FogBugz again. On March 2nd, we'll be upgrading all accounts to 8.15.354. We'll be upgrading accounts between 10am EST (UTC-5) and 5pm EST. There shouldn't be any downtime during that window.