U2F now available on #gandiV5
The U2F standard has simplified and strengthened 2FA. On #gandiv5, you now can use your U2F key
Notre nouvelle plateforme est disponible sur www.gandi.net
The U2F standard has simplified and strengthened 2FA. On #gandiv5, you now can use your U2F key
Having the former can improve the latter. Get SSL on your Simple Hosting now for free on #gandiV5
We are pleased to announce that we will not stop and start your servers this Wednesday, December 21st, between 6:00 AM and 9:00 AM UTC (i.e. 10:00 PM PST on Tuesday December 20, 2016, and 1:00 AM PST on Wednesday December 21, 2016).
Our maintenance operation was designed to address a vulnerability in the Xen virtualization software. To respond, we decided to upgrade the Xen software and take advantage of the features of the new version, to allow you to gain performance and avoid these types of maintenance operations in the future.
However, many of you have contacted us to ask us to change our approach. We started by adjusting the schedule, but it was not enough for many of you.
As a result, we have investigated alternative solutions and we will not stop and start your servers.
We've contacted all affected customers via email. Thank you very much for your feedback on this matter.
A critical security issue in the virtualization software Xen will become public July 26 and the Xen team has already informed Gandi of the necessary patches.
Since this announcement, we have already preemptively deployed the patches required to correct the issue. We have been monitoring the particular security flaw and have determined we will need to stop/start certain Xen VMs in order to assure that no further possible attack vector will remain.
We will be contacting the affected customers directly in order to allow them to sufficiently prepare for this stop/start and those of you who have not received any message from us are therefore not affected.
In order to minimize downtime and also to help minimize the impact in general, we would advise all affected to schedule a stop/start of their platforms yourselves sometime between now and the cutoff date of July 26, 2016.
Any affected VMs that you have not yet stopped and started again by 12:00 AM PDT July 26, 2016 (07:00 UTC), we will stop/start at some point between then and July 28 at 9:00 AM PDT (16:00 UTC). Please expect around 30 minutes of downtime per stop/start.
As always, if you have any questions or have any difficulties, please do not hesitate to contact our Customer care team.
Edit 7/21/16: Previously we used the term "reboot" instead of "stop/start." Rebooting isn't sufficient to apply the security patch. Your VM(s) need to be stopped and then started again in order for the patch to take effect.
ImageMagick announced a security vulnerability, registered as CVE-2016-3714, that allows malicious users to craft filenames to execute code remotely.
We have applied the appropriate fixes on Simple Hosting to protect customer applications using ImageMagick libraries.
If you're using ImageMagick in your application, make sure you restart your instance after 18:00 UTC (11:00 AM PDT) on May 4, 2016 in order to apply the patch.
You can restart your instance from the website or from the terminal with Gandi CLI:
$ gandi paas restart {instance_name}
Please don't hesitate to contact Customer Care if you experience any issues or have any questions related to this topic.
We will reboot the VMs of affected customers (those which were not rebooted by their owner) from Thursday, October 22 until Wednesday, October 28. An outage of 30 minutes maximum is expected for each impacted VM.
Maintenance status page: http://status.gandi.net/timeline/events/226
We recommend making sure that automatic updates are enabled for your WordPress installation, or running a manual update. There's a lot to gain, and a lot to lose if you don't, since this release is mainly focused on security fixes.
Two of the corrected vulnerabilities are XSS (Cross Site Scripting), related to the processing of "shortcode" tags in versions 4.3 and earlier, and the user list page.
The other problem is a privilege escalation which in some cases allows an unauthorized user to post private items and mark them as "sticky".
Although this version does not add any new features, it corrects a total of 26 bugs that exist in version 4.3.
In all, 64 files have been modified, with improvements to various aspects of the web interface of the world's most popular CMS, as well as its backend functions.
So, log in to your admin console and get started!
Visit the official changelog for more details: https://codex.wordpress.org/Version_4.3.1
A new security vulnerability, CVE-2015-3456, was announced last week. The flaw is found in the QEMU virtualization software, and permits an attacker to gain access to a vulnerable host from a virtual machine located on that host.
Immediately following this announcement, we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventative measure, we have decided that a reboot of certain VMs is required in order to ensure that all possible attack vectors have been mitigated.
This preventive reboot will only affect a small proportion of our customers. We will contact affected customers directly via email to provide instructions on performing the reboot on their own.
We will reboot the VMs of affected customers (who have not rebooted on their own) on Monday, May 25 at 11:59 p.m. PDT (that is: Tuesday, May 26, 2015 at 07:59 UTC).
For more information, see the following resources:
If you have questions or encounter any problems regarding this issue, our support team is available to assist you.
We have updated mirrors.gandi.net following today's announcement of the GHOST vulnerability. This newly-discovered flaw is in the popular glibc library, which is used in many Linux distributions and different flavors of Unix. The newly-discovered flaw, which has been present since November 2000, enables an attacker to execute code remotely on a vulnerable system.
We recommend that you upgrade your servers immediately. The following patches have already been made available by the distribution teams:
We will keep this list and our mirrors up-to-date as more affected distributions release their fixes.
If you are a Simple Hosting customer, we recommend that you restart your instance.
Nous avons maintenant interrompu l'ancien portail.
Migrez maintenant vers
https://migrate.gandi.net/
La plateforme Gandi v5 est maintenant déployée depuis 2018.
Vous faites maintenant partie des 0,5 % qui ne sont pas encore sur le portail moderne, veuillez migrer maintenant en quelques minutes seulement.
Suivez ce lien pour commencer le processus :
Google a annoncé l'arrivée prochaine des noms de domaine en .DEV.
On espère tous que Jimmy a pensé à réserver son extension !
Vous l’avez attendue et réclamée pendant plusieurs mois, la voici enfin : l’interface dédiée à nos clients revendeurs sur #GandiV5.
Sur #GandiV5, vous pouvez activer le protocole de sécurisation DNSSEC sur vos noms de domaine de manière automatique.
HTTP/2, TLS 1.3, optimisation du système de cache...
Si vous attendiez la gestion des produits Cloud pour migrer vers notre nouvelle interface, préparez-vous : nous avons commencé à déployer les fonctionnalités nécessaires !
Lancé mardi 8 mai à 18h, heure de Paris, la nouvelle extension de nom de domaine .APP a déjà atteint plus de 90.000 enregistrements.
Lors du lancement de notre nouvelle plateforme, nous vous avions annoncé qu’elle serait constamment améliorée et enrichie afin de répondre le mieux possible à l’ensemble de vos besoins...