Customer managed patches to the VisibleThread Server

The VisibleThread VM is built on top of Ubuntu Linux, and from time to time critical patches are made available to the operating system and its components.


The VisibleThread security team monitor the security patches and update advisory notices if required.


Customers can choose to run their own patching program with some restrictions. Essentially we require that some critical parts of the VisibleThread architecture are 'pinned' to required supported versions. This is necessary to ensure the VisibleThread Application remains compatible with any patches or updates that may be applied to the server by your patching team.


Note: You should always ensure you have backed up/snapshotted your VisibleThread VM before applying updates as there may be unintended consequences. It is also good policy to test the updates on a test environment first.


Setting up for customer managed updates

Before you begin updating or patching the VisbileThread VM, first create a file on VM called 'preferences' at '/etc/apt'.  This file should be owned by root.

The file should have the following contents:


Package: postgresql*
Pin: version 9.5.10*
Pin-Priority: 550

Package: openssl* 
Pin: version 1.0.2* 
Pin-Priority: 550 

Package: apache2 
Pin: version 2.4.18 
Pin-Priority: 550


Once this file is in place you can apply any updates using the Ubuntu package manager without overwriting services the VisibleThread application relies upon.


How to apply critical security updates on the Ubuntu OS

You can apply any available critical security updates to the VM from the command line using the 'unattended-upgrades' package.


First ensure the aptitude cache's are up to date:

sudo apt-get update

 Now installed the unattended-upgrades package

sudo apt-get install unattended-upgrades 

Now apply any critical updates

sudo unattended-upgrade -v

It's good practice to run these updates on a Monthly basis. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.