Hello Kantara participants
Our cloud service provider Digital Ocean, has advised us of a threat that could possibly affect some of the Kantara community.
Intel has discovered a security vulnerability called L1 Terminal Fault. Red Hat has a good video explaining it here . Digital Ocean uses Intel processors. The video explains a vulnerability where a malicious application in another cloud server that is running on the same processor core could conceivably read memory from our cloud server. While the attacker would not be able to target Kantara specifically, it could conceivably be randomly assigned a shared processor core whereby possibly personal data from pages in Confluence and/or Mailman with restricted access could be in the processor's memory. Intel and Digital Ocean are working diligently on the issue and will advise us of progress, so we can advise you. Please note that some of the fixes for this issue may significantly slow down our server infrastructure temporarily (the need to turn off hyper-threading). Thanks for your forbearance.
Kind regards, Kantara Staff