On Tuesday, September 30 2014, OpenDNS will release the Umbrella Insights Virtual Appliance, version 1.3.11
Change Summary (1.3.9 to 1.3.11)
This version contains a patch for the BASH/Shellshock vulnerability. Please note that all earlier versions of the VA were not exploitable, this is simply a precautionary measure. For more information on the Shellshock vulnerability, check here: https://support.opendns.com/entries/56701530
Changes in this version:
- Patch for the CVE-2014-6271 bash vulnerability ("shellshock").
- Prevent admins from adding OpenDNS root servers as localdns servers, as this resulted in losing identity granularity.
All Umbrella customers with 2 or more deployed VAs will download this patch within 2 hours of release, and will apply the upgrade according to their Organization's upgrade window (which can be set in the dashboard). Customers with non-redundant VAs will not automatically apply the upgrade, as that would cause downtime.