Extend Service Extension Security updates and important notices
Non-root security patch (June 9th, 2024)
The C#, Python, and Java app templates for Extend Service Extension that came before v2024.04.15 use supervisord, which needs root access. This is against the least privilege security principle. To keep AccelByte Gaming Services (AGS) secure, we have scheduled a maintenance update starting from June 9th, 2024 to patch this vulnerability.
If you built and developed your project using an Extend app template for C#, Python, and Java before v2024.04.15, we recommend you migrate your Extend app to support non-root to make it compatible with the patch.
This update does not apply to projects based on Extend apps for Go.
Migrate to non-root
The migration steps involve deleting the supervisord.conf file and updating the Dockerfile and supervisord.conf file in your project. If you made custom changes to the existing Dockerfile and supervisord.conf files in your project, you may need to make manual adjustments in the new Dockerfile and wrapper.sh file and ensure that your custom changes are also added or retained in the updated versions of the files.
To migrate your Extend app to support the non-root security patch, follow these steps:
Delete the
supervisord.conffile from your project.Copy the contents of the new version of the
Dockerfileand use it to replace the existing content of theDockerfilein your project.Copy the contents of the new version of the
wrapper.shfile and use it to replace the existing content of thewrapper.shfile in your project.Build, upload, and deploy your app into AGS. Then, confirm your app is running and working as expected.