Changelog

security
9 months ago

EventBridge cross-account event bus targets IAM role

AWS has given notice of an upcoming change to Amazon EventBridge cross-account event bus targets.

EventBridge cross-account event bus targets deployed as part of Stax Events have an associated IAM Role with sufficient permissions to perform the action.

No action is required as part of this change. If you have any questions, please raise a support case.

Fix, changed, security
10 months ago

Identity Service Database Update

An update has been applied to the Stax Identity Service to improve its performance and reliability.

This update upgrades the Stax Identity Service Database's underlying software. This modernises and standardises the infrastructure in use across all of Stax's customers. 

These changes have been applied automatically by Stax during the advertised maintenance window. No impact to service is expected as a result of this upgrade. Should you experience any issues, please raise a support case.

To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.

security
a year ago

Stax Response To Spring4Shell Java Vulnerability

The Stax team is aware of the recently disclosed vulnerability within the popular Java Spring Framework and related software components being referred to as Spring4Shell (CVE-2022-22965).

Stax’s security and development teams have analysed the components of Stax that are Java-based. Despite the Spring Framework being present in the codebase, no usage of known vulnerable functions was identified.

Stax is continuing to monitor the situation and related component announcements.

security
a year ago

Response to log4j2 vulnerability (CVE-2021-44228)

Stax is aware of the recently disclosed vulnerability in the open-source Apache Log4j library, tracked as CVE-2021-44228 and referred to as "Log4Shell". Stax's engineering team has performed a thorough analysis of the Stax codebase with regard to this issue. Stax can confirm that it is not vulnerable to this exploit.

If you have any questions regarding this notice, please raise a support case.

security
2 years ago

Response to Codecov Security Advisory

On the 15th of April 2021, Codecov notified its users of a security event that had impacted its systems.

At Stax, we believe that security and transparency are of the utmost importance, and as such we are informing our customers of this event.

No customer action is required, and no customer data has been impacted as a result of this advisory.

Stax's exposure is limited to the use of a GitHub action on the Python SDK code repository. This event has no impact on the Stax platform.

We have responded by following the recommendations provided by Codecov. Artefacts produced by our CI/CD pipeline have been audited and no indicators of compromise were found.

security
2 years ago

Revised Cost & Compliance Role Permissions

Stax has released a new version of the Cost & Compliance module's service and billing roles, version 30. In keeping with our principle of least privilege, Stax has revised the permissions these roles require.

Specifically, Stax no longer requires access to AWS Support APIs to complete compliance discovery tasks.

If your AWS accounts are Stax-managed, then you don't need to take any action. Stax will automatically update this role in the coming days.

If you're subscribed only to the Stax Cost & Compliance module, you will need to apply the update yourself.

As always, Stax recommends that you regularly review your IAM permissions. It is important to confirm that they align with the principle of least privilege and with the AWS Well-Architected Framework. For any questions about this change, or if you need assistance deploying the updated role, please raise a support case.

security
3 years ago

Improvements to the Stax Identity Service

Stax has applied hardening and configuration updates to the Stax Identity service to improve security and reliability. These updates form part of an ongoing effort to achieve compliance with enterprise-grade security standards. Authentication to Stax has not changed. However, you may notice that a Web Application Firewall (WAF), built on AWS WAF, has been implemented on the Identity service and that token session times have been reduced from 30 min to 15 min. For more details about the WAF, check out the Docs.