Between 9:00 PM and 11:59 PM Pacific time on Friday, March 30, 2018, the MySQL database software on each of our servers will be upgraded from version 5.6.38 to 5.6.39. This will cause an approximately 60 second interruption of service on each MySQL-using customer website at some point during this period.
This upgrade is necessary for security reasons and to fix bugs in MySQL. We apologize for the inconvenience this causes.
Update 9:36 PM Pacific time: The maintenance was completed as planned and all services are running normally.
The authors of the Drupal CMS software today announced a “highly critical” Drupal security bug (SA-CORE-2018-002).
This vulnerability is likely to be widely exploited soon. If you use Drupal 6, 7 or 8 without updating it, your site will be compromised (taken over by “hackers”).
To protect our customers who have installed Drupal, we have “patched” the vulnerable files on every copy of Drupal on our servers, blocking the attacks that we expect to see in the future. We used these patches:
So our customers are protected against this particular problem. But that doesn’t mean you shouldn’t upgrade Drupal: older versions also have other security bugs. If you’ve installed the Drupal software on your site, please make absolutely sure you’ve upgraded to the latest version today.
Update 4:30 PM Pacific time March 25: The changes described below have been deployed on all servers.
The PHP developers recently released versions 5.6.34, 7.0.28 and 7.1.15 that fix several bugs. Over the next couple of days, we’ll be upgrading the PHP 5.6, 7.0 and 7.1 series on our servers as a result.
In addition, we’ll be upgrading the less-commonly used Perl scripting language from version 5.14 to 5.20 at the same time. (These need to be updated simultaneously because of shared “dependencies” on certain software libraries.)
These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.
Update 11:55 PM Pacific time: The maintenance described below was completed successfully and all services are running normally.
Over the last year, we’ve been slowly upgrading our servers from Debian Linux version 7 (codename “wheezy”) to version 8 (codename “jessie”). We’ll be finishing that process over the next few weeks, with brief scheduled maintenance on each server.
The upgrade requires that each hosting server be taken offline for a few minutes over a three hour maintenance window and then restarted, causing brief scheduled “downtime” for websites and email on that server. The total downtime for any server should not exceed ten minutes during this three hour period.
Mail arriving while a server is being restarted will be queued and delivered after a short delay. No mail will be lost.
This coming weekend, we’ll be updating some (not all) web servers:
- Friday, March 9, 9:00-11:59 PM Pacific: servers ending in digit “2” (completed)
- Saturday, March 10, 9:00-11:59 PM Pacific: servers ending in digit “1” (completed)
So, for example, the “web12” server will be updated on March 9, and the “web01” server will be updated on March 10. This page explains how to find which server a site is on.
(Servers ending with other digits have already been updated in maintenance in previous weeks. This will complete the upgrades.)
Although the final step of the upgrade modifies hundreds of software packages on the server, we have tested it extensively don’t expect most customers to notice any change. Your website and email should continue working as they always have. However, if you do have any trouble, don’t hesitate to contact us.
