25 September 2014
With the recent announcement of the CVE-2014-6271 vulnerability, also known as the Shellshock bug, please take note of the following as it pertains to you.
We have taken full and appropriate measures to guarantee the security of all customer sites using Mingle in the cloud. Our cloud system has been patched and is now secure from the Shellshock vulnerability.
As our cloud offering uses Amazon Web Services (AWS) infrastructure, we have applied the bash package update, which patches the vulnerability, to all of our AWS instances. As a result, there is no longer any risk related to the CVE-2014-6271 vulnerability for our cloud customers.
We strongly suggest Mingle onsite customers contact their Mingle system administration to verify if their system is affected. If so, they will have to apply their own patch.