Notre nouvelle plateforme est disponible sur www.gandi.net

Découvrir le nouveau Gandi

A new security vulnerability, CVE-2015-3456, was announced last week. The flaw is found in the QEMU virtualization software, and permits an attacker to gain access to a vulnerable host from a virtual machine located on that host.

Immediately following this announcement, we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventative measure, we have decided that a reboot of certain VMs is required in order to ensure that all possible attack vectors have been mitigated.

This preventive reboot will only affect a small proportion of our customers. We will contact affected customers directly via email to provide instructions on performing the reboot on their own.

We will reboot the VMs of affected customers (who have not rebooted on their own) on Monday, May 25 at 11:59 p.m. PDT (that is: Tuesday, May 26, 2015 at 07:59 UTC).

For more information, see the following resources:

If you have questions or encounter any problems regarding this issue, our support team is available to assist you.


In response to the publication of a security flaw in the design of SSLv3, we have integrated TLS_FALLBACK_SCSV on our hosting platform and mailservers.

The flaw, dubbed POODLE in the announcement by the Google security team, allows a network attacker to force use of a less secure version of the protocol, making it easier to obtain the content of secure connections in plain text.

If for some reason you are not able to upgrade to a modern browser or operation system, you should take steps to protect yourself, such as disabling SSLv3 in your browser.

SSL 3.0 is already an obsolete protocol, so the vast majority of email clients will not notice any difference. However, some very old email clients, operating systems and browsers (Windows XP, IE6) may encounter issues. If you notice any problems connecting to our mailservers, please write to our support team with details.

For those interested in the technical details, there's some good reading over at Ars Technica (new window).

Note: We considered disabling SSLv3 on connections to mail.gandi.net via IMAP and POP3, but decided not to do so immediately. We will do so in the months to come, after taking steps to minimize the impact it will have on our customers' services.


An emergency maintenance will be carried out Thursday, October 16th 2014 at 4:30PM CEST on the Gandimail platform.

This maintenance will likely cause some email mailboxes to be unavailable during this time.

Please accept our apologies for any inconvenience this emergency maintenance may cause.

 

Update :

5:55 CEST : End of the gandimail emergency maintenance


Following an incident on a storage unit, it has been necessary to reboot it in order to complete an update necessary for fixing the problem.
All operations will be paused until the unit is running normally again.

In the meantime, please do NOT launch any operation on your server(s). The situation will return to normal shortly.

20:00 CEST, 11:00 Pacific: Incident officially resolved, all operations back to normal. 


An incident has occurred on one of our storage units in the Parisian datacenter. Our technical team is working to resolve the issue as quickly as possible.

Please do not perform any operations on your virtual machines in the meantime. Services should be restored automatically once the issue has been corrected.

We will update this post as new information arises.

Update Tue Oct 7 19:28:19 UTC: Some faulty hardware has been identified; we're in the process of swapping it out.

Update Tue Oct 7 22:33:14 UTC: Our technical team is still trying to fix the issue.

Update Tue Oct  7 23:35:44 UTC: A ZIL disk has failed, and its failover also failed. We're currently performing a manual switchover, and are proceeding very carefully to minimize the risk of data loss.

Most importantly: we understand how disruptive this is for you and we're working as hard as we can to fix it. We will do our best to make it right.

Update Wed Oct 8 00:39:21 UTC: Our technical team is bringing the storage unit back up. The incident is nearly resolved and services are already beginning to come back online.

Update 02:31:10 UTC: We're now seeing high loads on the problematic filer. The investigation continues!

Update 04:05:54 UTC: After working all night, our technical team in Paris has resolved the problem. Services should now be back to normal.

A postmortem and compensation details, as described in our IaaS Hosting Contract (section 2.2) will be provided in the days to come.

Update Thu Oct  9 17:31:34 UTC: A postmortem about this incident is available here.



We will be proceeding with some maintenance on a Gandi Mail storage unit.

The window for this maintenance will be from Tuesday October 7th 2014 from 11:30 PM to midnight CET (Paris time).

There will be several thousand Gandimail mailboxes that will be inaccessible for several minutes during that time.

No mails will be lost during this time, they will be held awaiting delivery.

[EDIT] The maintenance is postponed to the 8th of October 2014 from 11:30 PM to midnight CET (Paris time).


We will be performing some maintenance on our information system database. This will be taking place between 2:00 PM PDT and 9:00 PM PDT on Wednesday July 23rd.

Essentially, this maintenance will impact administrative functions on Gandi products and services, which may be disrupted periodically for some time during this timeframe.

During these downtimes, it will not be possible to perform any purchase, renewal, management, or administration of domain names, hosting services, SSL certificates, Gandi Mail or Gandi Websites.

The public API will also be unavailable and the generation of zones associated with domains will be affected.

However, sites hosted with Simple Hosting or on VPS virtual machines as well as Gandi's DNS servers will not be affected and will run as normal

Reception and transmission of emails may be temporarily affected but rest assured that no mail will be lost.

For the duration of this maintenance, access to our support will also be limited and periodically unavailable and so we have put in place an emergency email address at support@support.gandi.net.

We also encourage you to follow our Twitter account @gandinoc where we will be keeping everyone up to date on the progress of the maintenance.

We apologize for any inconvenience this maintenance may cause and ask that you bear with us while we improve our services.

 

Update :

The maintenance started at 11.02PM CEST and has been completed at 00.08AM CEST.

Please report any isue you may encounter to our email support.


A maintenance will occur on a Gandi Mail storage unit.

The maintenance window will start at 11PM and end at 00AM on Tuesday 22nd of July 2014 CEST (Paris timezone).

The predictable impact is the unreachability of a few thousands of mailboxes for a few minutes.

There is no predictable loss of messages during the maintenance as those will be queued before delivery.


Gandi maintains a non-production platform for those customers wishing to test our API

for domain registration and administrtion. This "OT&E" platform 

is not available at the moment. Our teams are working on restoring access. 

 

We do apologize for any inconvenience this may cause. 

 

Update: OT&E is now available as of 18:50 CEST. Thanks for your patience. 


A maintenance on our Gandimail platform will be held from 18 19 June 2014 2pm to 9pm PDT (19 20 June 21:00 to 20 21 June 4:00 UTC).

This maintenance was planned in order to solve the recent quota display issues in the Gandi interface.

Service should not be interrupted during the maintenance.

Update: maintenance postponed to 19 June 2pm PDT.


Page 1 2
Taille du bandeau d'actualités