CodeShip Basic has several updates:
PHP 8.0.1 added
PHP versions updated to 7.3.26 and 7.4.14
Python versions updated to 3.8.7 and 3.9.1
CodeShip Basic has several updates:
Ruby 3.0.0 added
JRuby updated to 9.2.14.0
ChromeDriver updated to 87.0.4280.88
CodeShip Basic has several updates:
PHP versions updated to 7.3.25 and 7.4.13
Composer updated to 2.0.8
composer self-update --1
Google Chrome updated to 87
Docker Hub will begin pull rate limits starting November 1, 2020. This may impact your Pro projects in several ways:
We encourage you to configure caching on your Pro projects. Caching gives you faster builds, and after the initial build your project no longer has to pull from Docker Hub each time; it uses our internal caching system instead.
Docker is introducing the following limits based on your Docker account:
If you encounter Docker Hub rate limit issues with your Pro projects, you can configure Docker Hub authentication. If you anticipate higher usage than what the free Docker plan offers, consider upgrading your Docker plan to unlimited pulls.
CodeShip Basic has several updates:
PHP versions updated to 7.2.34, 7.3.23 and 7.4.11
Python versions updated to 3.5.10, 3.6.12, 3.7.9, and 3.8.6
Python 3.9.0 added
Ruby 2.7.2 added
JRuby updated to 9.2.13.0
Google Chrome updated to 86
ChromeDriver updated to 86.0.4240.22
We removed the legacy GitHub OAuth integration from GitHub.
This integration was discontinued from active use in 2019 but remained configured for many repositories.
We do not expect any customer impact; however, you may notice entries in your GitHub audit trail for the integration being removed from older projects.
In the unlikely case you are impacted, the two most likely scenarios are described below.
If you experience a failure to trigger builds:
Go to GitHub and ensure the app is correctly configured - https://github.com/apps/codeship/installations/new
If you find your CodeShip builds are not able to check out code:
Follow the instructions for resetting the SSH key - https://documentation.codeship.com/general/projects/project-ssh-key
Dear CodeShip users,
We are reaching out to inform you of additional information we have uncovered as a result of our continuing investigation of the recent GitHub breach. To provide maximum transparency, we are reporting on the results of our investigation, the impact on users, actions you must take to protect yourself/your organization, and actions we will take to strengthen our security processes going forward.
On Wednesday, September 16, 2020, CloudBees was notified by GitHub of suspicious activities targeting CodeShip business accounts connected to GitHub via the CodeShip GitHub app and now deprecated CodeShip OAuth tokens. CloudBees immediately initiated an investigation conducted by our security and engineering teams, and on September 27, we identified additional evidence of malicious activity against a failover CodeShip database. On September 29, we uncovered evidence to indicate that a malicious actor had access to this failover instance during the period of June 2019 to June 2020. At this time and to the best of our knowledge, we have no evidence of malicious activity or attempts within CodeShip systems since June 2020.
What type of data was affected?
The impacted accounts are those of CodeShip users. No other products or accounts were affected and CodeShip is in no way integrated with other CloudBees products or systems.
For all CodeShip users:
For CodeShip Basic users:
For CodeShip Pro users:
Business contact information for invoicing purposes, such as company contact name, company name, VAT number, postal address and phone number, also may have been exposed. No payment information, such as bank account numbers or credit card numbers, was exposed. No other CloudBees product other than CodeShip was impacted. Also, the logging system was not accessed for any customers.
Steps you should take
Although at this time we have no evidence that the data potentially exfiltrated has been used, all CodeShip users may have been affected (including free, Basic and Pro accounts) and should take the following steps:
At this time and to the best of our knowledge, we have no evidence of malicious activity or attempts within CodeShip systems since June 2020. We are continuing to monitor the situation.
Steps we are taking
As soon as we were notified by GitHub on September 16, we proceeded to rotate all our applications' internal secrets and rebuilt all our AWS AMIs. We are continuing to scrutinize our AWS security logs to monitor for suspicious activity, such as outbound connections to known malicious IPs. To date, we have not found any such activity.
We want you to be assured that we are taking steps to increase the security strength of the CodeShip product, including but not limited to:
Who to contact
For more information, please visit our CodeShip status page which we will continue to update with any new developments.
If you still have questions, please contact security@codeship.com.
Last but not least, I’d like to apologize for the impact this is having on you. In the decade that CloudBees has been operating SaaS applications, we have always taken full responsibility for our products and we do so today. Please be assured that we will do everything we can to prevent this from happening again.
Onward,
Sacha Labourey
CEO
CloudBees
On Wednesday September 16, 2020, CloudBees was notified by GitHub of suspicious activities targeting certain CodeShip accounts connected to GitHub via the CodeShip GitHub app and now deprecated CodeShip OAuth tokens. If your GitHub credentials are impacted, you already received or will shortly receive a notification from GitHub informing you of this incident.
The activities point to tokens being used to access the “/user/repos” GitHub API endpoint, which is used to list users’ GitHub repositories, including private repositories. It is possible your repositories were cloned, so please contact GitHub support as soon as possible.
As the suspicious activities involve user tokens, as a first step in response we revoked all GitHub related tokens and SSH keys to keep all accounts protected. You need to reauthenticate CodeShip with GitHub immediately to avoid a service impact.
Action Required
We are continuing to investigate the underlying issue and will update our blog to provide more information as soon as we better understand any additional implications and potential root causes.
Thank you.
CodeShip Basic has several updates:
PHP versions updated to 7.2.33, 7.3.22 and 7.4.10
Python versions updated to 3.6.11, 3.7.8 and 3.8.5
Google Chrome updated to 85
ChromeDriver updated to 85.0.4183.87
CodeShip Basic has several updates:
PHP versions updated to 7.2.32, 7.3.20 and 7.4.8
Google Chrome updated to 84
ChromeDriver updated to 84.0.4147.30