We've now switched to another certificate provider which offer certificates compatible with older devices. Our our cache proxy back online and performance is now restored for everyone.
We're still working on a migration path for users running old balenaOS releases in anticipation for future technology deprecation.
Posted Apr 11, 2024 - 19:35 UTC
Update
We found out that delta was also affected which prevents hostos upgrade on older devices. We temporarily disabled our proxy for delta.
Posted Apr 09, 2024 - 15:42 UTC
Monitoring
We have temporarily bypassed our cache proxy to restore connectivity to older devices while we identify a migration path for users running affected balenaOS releases from 2019 and older.
Posted Apr 03, 2024 - 22:25 UTC
Identified
Balena utilises automated TLS certificate updates to improve the security and trustworthy of our service landscape. This process has now updated to a certificate chain that enforces ECDSA (elliptic curve) instead of RSA encryption.
From all known information, that affects balenaOS releases from around 2019 and older.
We are currently investigating which balenaOS versions containing specific openssl libraries are affected. Moreover, we are assessing how this situation can be solved for such old balenaOS versions in a continuously changing security landscape.
Posted Apr 03, 2024 - 16:48 UTC
This incident affected: API and Delta Image Downloads.