Checked that the vulnerability affect to version prior to 7.0.29, which is the one currently installed in production, so we can conclude we are not affected. Notified Anas about that.
The issue seems solved. Zeeshan talked to Marco De Cesare and he applied apparently the rules.
I'm assuming I don't need to open any additional request although I requested only for Brindisi, but my OneVDI is on Valencia subnet. and I can access, so I guess it's all fine now.
Asked by Anas to provide info to Mario Sernicola about the current stack (code, db dumps, etc). I will provide basic info to Mario and he will raise official requests to provide the required data
I can access the server, Emmanuel cant'. Im opening a new FW rules request and sending email and contacting Marco Sambo.
I asked Emmanuel if he is in Brindisi and if he knows the Valencia IPs/network. Also noticed original fw request didn't include access to unosm-r-data-01 and unosm-r-app-01, which is weird. Pending on Emmanuel response to prepare request.
Emmanuel responded that he is in Valencia. Anyway, I requested RFS-1-12822116327 with the network segment derived from his screenshot. Now I will write to the implementation team with the details.
Zeshaan called me. Added Filippo to the call, he confirms these are the new subnets working for Valencia and Brindisi:
Brindisi: 10.128.160.0/21
Valencia: 10.128.32.0/21
Freed 75GB on /backup by deleting unrotated System 1 backups (retention script was pointing to wrong path), cleaned 17,153 stale log files from System 2 (no log rotation configured), and fixed both retention scripts to prevent recurrence.
The Mar 11 10:47 backup failure was caused by a planned MySQL upgrade (8.0→8.4) restarting the server mid-dump; the backup job self-recovered automatically at 11:16 and has been running normally ever since, requiring no intervention.
Sent reminder. Talked with Marco Sambo, apparently the fw rules are stuck in revision by cybersecurity because there are some connections between PRE and PROD. Asked him to expedite rules related to OneVDI.