CVE-2024-6387 - Urgently review OpenSSH Service versions in self-managed environments

This is a reminder for all organizations managing a CommCare environment to review your hosts for vulnerability to a recently announced critical CVE in the OpenSSH server.

This service is managed outside of the CommCare Cloud infrastructure layer, and teams will need to respond according to their own operations and patching playbook, but we are providing this message to raise visibility of this important issue.

Dimagi’s production cloud instances were patched upon announcement by our security automation infrastructure, and no action is required for users or admins of these systems.