Kopano Nightly Builds Offline
-
As you may have noticed, we took our nightly/master builds offline. The reason we did this is that the server where these builds are created and stored was compromised. The hack was discovered a few hours after it happened. After close examination of the event, we can confirm that no customer data was leaked.
We have decided to take all builds offline that have been published between the hack and the discovery. This means we have taken the nightly builds (master and community) offline as a precaution. What we DO know for sure is that the final builds were NOT compromised.
The compromised system is being replaced and new nightly builds should be available again shortly.
Regards Felix
Resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/Support overview:
https://kopano.com/support/ -
Thanks, but it appears that there is now no core system available for download (that I can find) and so it’s now not possible to install kopano at all on a new server, even with an older versions ?
-
@crankshaft at least you cannot install based on our nightly downloads.
Downloads for our customers have remained online. You could request a trial key from our homepage to get access to them.
-
I’m also hit by the missing core system. I was just migrating my Ubuntu 16.04 LTS to 18.04, but there is no way to get the proper .dpkg files for the community build.
Is there any outlook on when the daily builds will be fully available again? Or would it be possible to provide the latest final builds (which are not compromised afaik) until the daily builds are up and running again? -
What was compromised? is it the kopano packages? or was it the server where the kopano packages where stored?
-
@BEO I cannot give an eta for this at the moment. If you request a trial from https://kopano.com/kopano-trial-download/, then you have access to the final builds (for 30 days).
@ckruijntjens please reread the starting post in this topic
Regards Felix
Resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/Support overview:
https://kopano.com/support/ -
@fbartels
Well sadly the trial I downloaded is an older version the the nightly installed on my Ubuntu 16.04.
I did not dare to migrate to an old build, since I don’t know possible pitfalls regarding database version.
Plus the trial key annocunced to be sent by mail did not arrive within 5 days now.
Rolled back to my old 16.04, skipped the migration of our home server to one distant day in the future (holidays are over now). -
@BEO said in Kopano Nightly Builds Offline:
Plus the trial key annocunced to be sent by mail did not arrive within 5 days now
Did you check your spam folder? The key is automatically sent on form submission afaik.
Regards Felix
Resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/Support overview:
https://kopano.com/support/ -
@fbartels said in Kopano Nightly Builds Offline:
As you may have noticed, we took our nightly/master builds offline. The reason we did this is that the server where these builds are created and stored was compromised. The hack was discovered a few hours after it happened.
Hi Felix yes I noticed mid Aug about nightly builds being offline.
I ussed and still using local repo from 3rd Aug core 8.7.82 for Kompano4s Beta Docker Container. Is it fair to assume it can be used for contigency as this one was apx 1 week before the incident?
If not I would take the K4S Community Beta Docker Image offline.
Regards Volker -
@TosoBoso said in Kopano Nightly Builds Offline:
from 3rd Aug
the system was compromised on the 12th so everything before that is fine. The only reason why we pulled the master packages is because we do not store hashes externally and therefore cannot say with 100% certainty that they have not been tampered with.
PS: you need to separate the quote from your actual message with a blank line. else you message is shown as quoted as well.
-
@fbartels said in Kopano Nightly Builds Offline:
@BEO said in Kopano Nightly Builds Offline:
Plus the trial key annocunced to be sent by mail did not arrive within 5 days now
Did you check your spam folder? The key is automatically sent on form submission afaik.
I can second that: No email! I checked the mailserver logs and not even a delivery attempt was made.
I tried twice to request a trial key. -
@rbrunhuber when did you request the key? Could it be in your spam folder?
Regards, Bob
Need support?
Have a look at https://kopano.com/support/ for options.Helpful resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/ -
@bhuisman
I requested one key end of last week and one yesterday around 21:00 CEST.
As I said: No SMTP delivery attempt reached my server from your side, so it’s definitely not in the spam folder. But still I double checked just to be sure. -
@fbartels
Yes, I checked my spam folder. Nothing.
Maybe something more was compromised than just the build server. Someone out there might have tons of license keyes :-) -
@BEO said in Kopano Nightly Builds Offline:
Maybe something more was compromised than just the build server.
That may be meant as a joke, but this possibility can be excluded. There was no connection to these systems from our Jenkins.
-
Nightly builds are back online at https://download.kopano.io/community/core:/.
I heard from out internal it that they are currently looking into why the trial form does not send the evaluation key.
Regards Felix
Resources:
https://kopano.com/blog/how-to-get-kopano/
https://documentation.kopano.io/
https://kb.kopano.io/Support overview:
https://kopano.com/support/ -
@fbartels Same here, tried twice to download trial within 3 days with two different mail adresses, no mail in both cases
-
Hi @clews,
I’m sorry to hear that this still does not work. You can also reach out to our sales team at info@kopano.com to request a trial key.
