Security & Infrastructure Advisories

Transparent, real-time updates on security patches, infrastructure incidents, planned maintenance, and vulnerability disclosures affecting the CloudNexus platform.

99.999%
Platform Uptime
24/7
Security Monitoring
< 15min
Avg. Patch Response
Showing 6 advisories
CVE-2024-7821 Oct 12, 2024 Resolved

Critical Vulnerability in Managed Database Proxy

A privilege escalation vulnerability was discovered in the CloudNexus Database Proxy component. Patched automatically across all regions.

Impact:Authenticated users with read access could potentially escalate to administrative privileges on proxy nodes.
Affected:Managed MySQL, PostgreSQL, Redis clusters (Proxy Layer v4.2.1)
Mitigation:Automatic rolling update completed. No customer action required. Force restart recommended via console.
References:NVD Details | Patch Notes
MAINT-2024-114 Oct 10, 2024 Planned

Scheduled Network Backbone Upgrade – AP-South

Routine capacity upgrade to improve inter-AZ latency and throughput. Brief routing adjustments expected.

Window:Oct 18, 2024 | 02:00 UTC – 06:00 UTC
Impact:Transient packet loss (<2%) possible during migration. Connections will automatically re-establish.
Affected:Mumbai & Hyderabad Regions
Preparation:Ensure health checks are configured. Use multi-AZ deployments for critical workloads.
SEC-2024-098 Oct 08, 2024 In Progress

TLS 1.2 Deprecation Timeline & Migration Guide

CloudNexus will disable TLS 1.2 support across all edge APIs and internal services to enforce TLS 1.3 compliance.

Timeline:Dec 31, 2024 (Soft cutoff) | Mar 15, 2025 (Hard enforcement)
Impact:Legacy clients using TLS 1.2 will fail certificate handshake. SDKs < v2.4.0 affected.
Action Required:Update clients to TLS 1.3 compatible versions. Verify cipher suites.
Resources:Migration Checklist | SDK Compatibility Matrix
INFRA-2024-077 Oct 05, 2024 Resolved

DDoS Mitigation Layer Update – False Positive Reduction

Updated heuristic models to reduce false-positive blocking during legitimate traffic spikes.

Incident:Automated scrubbing incorrectly throttled high-velocity API clients on Oct 4.
Resolution:Model v3.8 deployed. Added rate-limit whitelisting for verified SDK traffic.
Verification:Run curl -I https://status.cloudnexus.io/health to confirm.
COMP-2024-042 Sep 28, 2024 Resolved

SOC 2 Type II & ISO 27001 Certification Renewal

Annual third-party audits completed successfully. Updated compliance documentation now available in the trust center.

Scope:All CloudNexus infrastructure, data handling, access controls, and incident response procedures.
Audit Firm:Deloitte Assurance & Consulting
Downloads:SOC 2 Report | ISO Certificate | Security Whitepaper
CVE-2024-6510 Sep 22, 2024 In Progress

Container Runtime Sandbox Escape Patch

Upstream vulnerability in containerd affects multi-tenant isolation. Patch rolling out via node replacement.

Impact:Theoretical escape possible on heavily customized runtimes. Standard CloudNexus containers unaffected due to gVisor default.
Affected:Kubernetes Clusters (custom runtime nodes)
Progress:68% of nodes patched. ETA 72 hours for complete fleet rotation.