AMP 220.127.116.11 Release Notes
This is a minor bugfix release that notably restores Docker functionality that was broken due to an incomplete change in the 18.104.22.168 fix.
- Added support for INI files to read/write as config stores (not yet used anywhere)
- Fixed 'Upgrade AMP' incorrectly showing that the feature is unavailable if done via the instances screen instead of via the Support tab due to unloaded data.
- [Core] Fixed binding issue in Docker instances that prevented activation as a result of the new virtual home directories.
- [CLI] Restart running instances on password change if they were previously running.
- [CLI] Magic reconfigure now restarts ADS when done.
- Updated filtering/regexes for Bedrock servers.
- Fixed missing base information for processing update states.
AMP 22.214.171.124 Release Notes
This is a security hotfix to fix an incorrect access control issue that allowed logged in users to add custom firewall ports to ADS. Users could add ports so long as they had a valid login for ADS even if they didn't have permission to reconfigure instances.
ADS had some missing permissions metadata that would allow authenticated users logged into ADS to create custom firewall rules even if they didn't have the permission to modify instances.
If you don't use multiple users in ADS or if you only allowed fully trusted users access to ADS then you don't need to worry, you wouldn't be affected by this.
Because the user had to be logged in it's not a massive issue, but we've released an update immediately out of an abundance of caution.
Other security measures within AMP prevent ports below 1024 from ever being opened.
This issue was reported on 29/04/2021 and a fix was issued on 30/04/2021 - CVE-2021-31926
This update also includes a change to Docker handling that mounts the containers 'amp' user home directory to within the instance datastore so that anything that requires read/write access to a home directory will work correctly (git/jgit especially).