Airlock Vulnerability Tracking

Information on security-relevant findings can be found on the Airlock Support Portal. The old reporting system on techzone.ergon.ch/vulnerabilities has been deprecated and serves only as an archive.

How to use Airlock Vulnerability Tracking

The ALVUL project in Airlock Jira is used to publish information about security-relevant findings on Airlock products. In general, an issue is created for each published vulnerability (CVE) that is sufficiently relevant for an Airlock product. In the "component" field of an issue, you can find the product(s), which the issue concerns.

If you navigate to the "Issues" page of ALVUL, you will see a list of all currently open issues. An open issue can be in one of two states:

• Analyze → We are currently looking into the issue an checking whether any Airlock products are affected
• Fix pending → The issue has been analyzed and will be fixed with the next update of the affected product. With low severity issues, this will usually be the next bugfix release. For critical issues, a hotfix will be released. You can find details on this in the description of an issue.

An issue is resolved in one of two ways, indicated by the status of the issue:

• Closed → The issue has been analyzed, and no supported Airlock product is affected.
• Fix available → The issue has been analyzed, and has some implications for Airlock Products. An update that fixes the issue has already been released and is available for download.

More detailed information about a vulnerability can be found in the description section of an issue.

Filter Subscription

To stay on top of the many vulnerabilites that are reported, we recommend setting up a Jira filter subscription to get periodically emailed about new vulnerabilities.

To get you started right away, we have configured a couple of filters for you to choose from:

Filter ALVUL_daily

Shows all new issues created in the last 24 hours in the ALVUL project.

Subscribing to the ALVUL_daily filter means getting a summary email on each day if a new issue has been created in the last 24 hours. This amounts to about 5-10 emails each month.

To subscribe to the ALVUL_daily filter, navigate to the "Manage Filter" page on Jira via issues → manage filters. Then, use the search function to find the filter (use the exact filter name), favourite it by clicking on the star on the left-hand side, and hit "subscribe" on the right-hand side of the screen.

Select a "Daily" schedule with interval set to "once a day". Then, pick the time at which you would like to receive the summary of new issues.

Filter ALVUL_notify_gateway, ALVUL_notify_mgw and ALVUL_notify_iam

Shows new issues created in the last hour that we consider exceptionally relevant for the respective product. Usually, these are vulnerabilities for which a hotfix will be released for the product in the near future. In addition, these filters also show vulnerabilites that have gained considerable public attention (like heartbleed or log4j), even if the respective product is not affected.

Subscribing to the ALVUL_notify_ filters means getting an email every hour, if a fitting issue was created in the last hour. This way, you get notified quickly about important issues. This amounts to about an email a month.

To subscribe to an ALVUL_notify_ filter, navigate to the "Manage Filter" page on Jira via issues → manage filters. Then, use the search function to find the filter (use the exact filter name), favourite it by clicking on the star on the left-hand side, and hit "subscribe" on the right-hand side of the screen.

For ALVUL_notify_, select a "Daily" schedule with interval set to "every hour".

To unsuscribe, navigate to the manage filters page via issues → manage filters. Click on the subscription you want to cancel to open a detailed view of the subscription. Then, on the right hand side below "Actions", press "Delete".

Filter customization

The Jira filters can easily be customized to fit more specific needs. To do so, navigate to the "Manage Filter" page via issues → manage filters. Then, click on one of the pre-built filters. Now, you can customize the filter by adding or removing terms in the search bar. To be able to save the filter, you need to exectue the query once by clicking on "Search". Then, save the filter via the 3 dots on the top of the page and clicking on "save as". If you customize a filter in this way, you need to subscribe again to the new filter.

As an example of a customization, consider the case where you want to restrict the ALVUL_daily filter to a specific component (e.g you are only interested in Airlock Gateway, but not Airlock Microgateway). The default filter reads:

project = "Airlock Vulnerability Tracking" AND createdDate >= -24h

If you are only interested in issues concerning Airlock Gateway, you can extend to filter to:

project = "Airlock Vulnerability Tracking" AND createdDate >= -24h AND component = "Airlock Gateway" 

The available components are

• Airlock Gateway
• Airlock Microgateway 3.x
• Airlock Microgateway 4.x
• Airlock IAM

There are many more ways to customize the search query. Further information can be found in the Jira documentation.

Setting up a Dashboard

We also recommend adding a gadget to your Jira dashboard, which shows the newest vulnerabilities reported on ALVUL.

To do so, navigate to your dashboard and click on "Add gadget" on the top right corner of the screen. In the pop-up that opens, select "load all gadgets" and search for the gadget "Filter results" and add it to your dashboard. For the "Saved filter" field, select "ALVUL_dashboard". The other fields can be freely set to fit your needs. Then click on "save" to save the gadget.