
kritiment

How are Laravel Forge users dealing with vulnerability patches? In particular, ESM patches?

I use Laravel Forge to provision AWS EC2 instances of Ubuntu, and I use AWS Inspector to monitor for vulnerabilities.

Lately, a number of medium-severity vulnerabilities are showing up that are not able to be patched via unattended-upgrades, apt-get update/upgrade, or even manual installations of the affected packages.

Ubuntu reports that the latest versions of the packages in question are already installed, and AWS Inspector shows that the fixed version is an ESM patch, which seemingly is only available with an Ubuntu Pro license.

I'd consider upgrading the servers to Ubuntu Pro, but there is no self-service way to do that in AWS -- you can only purchase a license for a new instance. In my case, I'd like to apply the license to an existing instance provisioned by Laravel Forge.

It also seems a little suspect that Ubuntu would restrict security patches to only Pro users...

Anyone else dealing with this and have any advice? Thanks!

0 likes
2 replies

I got this,...
