It's not often you see a CVE perfect 10.

Anyone with a #Ubiquiti #Unifi network needs to update their Network controller immediately.

#SysAdmin #HomeLab #MastoAdmin #security #cyberSecurity

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

@chad thanks for the heads up!

The mobile app didn't immediately have the update available to me but it just showed up a minute ago.

@chad ... it's ... again, isn't it?
@chad "Fun" Fact: Ubiquiti is providing communication infrastructure to the Russian military.

https://medium.com/the-dock-on-the-bay/us-company-ubiquitis-gear-powers-russia-s-comms-in-ukraine-712e592bcc99
US Company Ubiquiti’s Gear Powers Russia’s Comms In Ukraine

Hunterbrook Probe: Sanctions-bypassed equipment aids Russian battlefield comms and drone control despite export bans


@monkee so should I throw out thousands of dollars of gear? And for what alternative?

C'mon.

@chad Did i say that?

C'mon. Just don't buy new shit from them in the future maybe?
@monkee Are you willing to replace my consultancy fees? If you are, I'm game.
@chad @monkee no, it's time to wear your red team hat and f*** Russian systems up 😎
@chad I was on the fence about enabling cloud access, but being able to action this immediately was nice.

@chad I run a few controllers and all the ones set to automatically update did so last night.

Thanks for flagging this issue though, it kicked me into updating the manually updated ones immediately rather than just getting around to it eventually.

@gilester45 I triggered a manual update on all of my sites too. Better safe than sorry.
@chad Hmm, weird, mine uses the Debian repo and for some reason that's still at 10.0.162... Anyway, just shut it down, I don't actually need it running unless my APs lose power and restart, but the UPS should take care of that.
@stephengentle @chad They're currently serving an empty packages file, so the repo is outright fucked, hopefully it'll be fixed by morning
@LapTop006 @stephengentle I was able to update my UDM Pro Max without issue.

@stephengentle @chad you, as well as me, got fucked by Ubiquiti. They yeeted all packages from their repo, so updates failed silently. This happened in February; my controllers (3) are all a couple of versions behind since sometime in February. Just before a CVE 10.0 is released.

Also, they now recommend you change to UniFi Network OS or some such. With very short notice. Arch changes in prod. Nope.

This is not how they should treat their customers! Irresponsible and arrogant. I'm so pissed at #ubiquiti now.

@harald @stephengentle if you're not running the binary on their hardware I don't know what to tell you.
@chad @stephengentle which binary and what hardware are you talking about? We have hundreds of unifi devices. They all run their binary.

@harald @stephengentle

if you have hundreds of unifi devices, you could read the CVE to know it's the network controller that needs updating. If you have hundreds of unifi devices, you really ought to pony up for a network controller device.

I have a hard time believing you have hundreds of devices running the Unifi Network controller under your purview.

The controller is what needs updating, if you need it reiterated.

@chad @stephengentle please don't be condescending.

We moved to Unifi just for this particular reason. We don't want a single proprietary point of failure anymore. We want good radios, and a controller that we can monitor on the OS level (we have the expertise), and run it on a high availability virtualisation platform. I don't see the controller as the beef of the product, the radios are.

Ubiquiti pulling the rug (repo) from under their customers is a really shitty move.

Hundreds is a bit steep, over a hundred is more correct.

@chad @harald It was a supported distribution channel that just today I find out they seem to have randomly abandoned with zero warning or notice, while they’ve been releasing updates for critical vulnerabilities elsewhere.

Thousands of their customers will be relying on this like we were, I’m really quite shocked at Ubiquiti here!

@chad I seem to be one of the lucky ones that updated everything yesterday.
@andrew yeah everything went fine here too... otherwise we wouldn't be online :)