Timeline to patch RegreSSHion to my public servers

Published July 9, 2024

July 1st 6.36am GMT+2 – OpenSSH release 9.8 to patch the vulnerability
July 1st 11.00am GMT+2 – emilazy opened a PR applying the patch to Nixpkgs
July 1st 3.15pm GMT+2 – CVS published via GitHub Security Advisor

According to one of my servers I run a system update July 1st at 9pm UTC (11pm GMT+2) if I am doing the conversion correctly.

stat -c %w /run/current-system
2024-07-01 21:11:19.291938167 +0000

NOTE: this trick to know about a last deploy works as long as the system didn’t reboot.

I just run a couple of public facing servers and this time I had the opportunity and the time to track my progress, but I like the simplicity and the timeline I see here. I was able to deliver a security vulnerability from program release to server delivery in 17 hours without rushing since I am not running critical systems.

Let me know about your experience!

Are you having trouble figuring out your way to building automation, release and troubleshoot your software? Let's get actionables lessons learned straight to you via email.