On September 24th, a new family of security bugs in the Unix Bash Shell referred to as “Shellshock” was publicly disclosed. Many Internet web servers use Bash to process certain commands, and this security bug could be exploited by an attacker to cause vulnerable versions of Bash to execute arbitrary commands.
By the nature of our system and its current implementation, our servers were not affected by these bugs and no data was ever threatened by it. However, to protect against possible future changes that could make our system vulnerable, we have promptly updated all our servers with the appropriate fixes.
What do you need to do
Customers with Hosted Sites
If you have a hosted site, then you have nothing to do!
Customers with Local Installs
To avoid being hacked, all servers should be updated with a fix as described here.
If you have any questions about this, don’t hesitate to contact us at support@shotgunsoftware.com.