Welcome to the OnApp Support portal!

Your one stop shop for OnApp Support. Raise tickets, view tickets, search our knowledgebase and stay up to date with the latest support announcements.

Dashboard accounts are required for support calls and tickets

You now need an OnApp dashboard account to raise a support ticket, either online or by phone, so you should create new dashboard accounts for any member of your team that might need to contact us. Once they have an account they can log in here to submit tickets. To set up those user accounts:

  • Log in to the dashboard
  • Go to Accounts -> Users and click the Add a new user button
  • Complete the form, making sure you check the boxes for Dashboard, Helpdesk and Forum access
  • Click the Create User button to finish

Tokens for telephone support

We've improved security for telephone support by introducing a new support token. Your token is displayed in the dashboard when you log in - you'll need to give that code to our team if you call us.


If you have any difficulties setting up dashboard accounts or using the new portal, just let us know.


OnApp Support

Tetyana Tsyupka May 14 OnApp Cloud / Product Notifications

A 'buffer overflow' vulnerability affecting the Floppy Disk Controller (FDC) emulation implemented in the QEMU component of the KVM/QEMU and Xen hypervisors. 
This issue affects both Xen and KVM (Static and CloudBoot) hypervisors under RHEL/CentOS 5.x and 6.x

Static Hypervisors

To eliminate the security issue for Static Hypervisors, follow the procedure described below.

For customers willing to upgrade to the latest hypervisor tools (corresponding to the OnApp version that runs):

  • Run the OnApp Xen Hypervisor installer


  • Run the OnApp KVM Hypervisor installer

  • /onapp/onapp-hv-install/onapp-hv-kvm-install.sh
  • If the kernel was updated at this stage, you should plan to reboot the hypervisor to ensure all HVs run a consistent kernel version.

Consider migrating (if required) of running guests into any other host before the reboot.

For customers which are using latest hypervisor tools or do not want to upgrade them:

  • RHEL/CentOS 5.x XEN packages (applies to OnApp 3.0.0 and up)
  • # yum update xen xen-libs

 This should update to the 3.4.4-8.el5.onapp.x86_64 version.

  • RHEL/CentOS 5.x KVM packages (the packages are released by Red Hat)
  • # yum update kvm kmod-kvm

 This should update to the 83-272.el5_11.x86_64 version.

  • RHEL/CentOS 6.x XEN packages (applies to OnApp 3.0.8 and up)
  • # yum update xen xen-hypervisor xen-runtime xen-libs

 This should update to the 4.2.5-38.5.onapp.el6.x86_64 version.

  • RHEL/CentOS 6.x KVM packages (the packages are released by Red Hat)
  •  # yum update qemu-kvm

 This should update to the version.

  • Importantto eliminate the vulnerability, the VSs should be powered off and started up again depending on the virtualization type :
    • for XEN, power off and start up the Windows-based and FreeBSD-based VSs.
    • for KVM, power off and then start up all the VSs. 

    Please note that it is not enough to restart the guests because a restarted guest would continue running using the same (old, not updated) QEMU binary.

CloudBoot Hypervisors

To eliminate the security issue for Cloudboot Hypervisors, run the OnApp 3.5.0-13 Storage Update. This should update to the following versions:

Xen 3.4.4-8.el5.onapp.x86_64



KVM --------
RHEL/CentOS 5.x
RHEL/CentOS 6.x

Maksym Holiney Jan 29 OnApp Cloud / Product Notifications

Updated glibc packages fix the GHOST  security issue.
This security update should be applied to static RHEL/CentOS 5.x and RHEL/CentOS 6.x hypervisors.

Enter the Control Panel box via ssh, and run from under root user to address the above vulnerability:

# yum update glibc


Please note that we will be releasing an updated CloudBoot image soon that explicitly patches this vulnerability.

Maksym Holiney Jan 20 OnApp Storage / OnApp Integrated Storage

Parallelrepaivdisks enables to repair up to 10 degraded vdisks simultaneously.

Also, you may indicate what data store will be repaired first or indicate sequence of data stores.

  • Log onto Hypervisor via SSH
  • Get the list of degraded vdisk with the following command:
  • getdegradedvdisks
  • Run 
  • parallelrepairvdisks [datastores=DS_UUID1,DS_UUID2,...]

Maksym Holiney December 17, 2014 1 OnApp Cloud / Product Notifications

It is required to update tzinfo gem to 0.3.42 version to address correct GMT offset for Moscow region.

NOTE! Only customers who are affected with this issue should uprgade!

1. Enter Control Panel box via ssh as root

2. Run

# yum update rubygem-tzinfo

3. Restart the http and onapp services

# service onapp restart
# service httpd restart

Maksym Holiney December 11, 2014 OnApp Cloud / Product Notifications

Ruby 2.0.0 update to address fixes of CVE-2014-3566, CVE-2014-8080, CVE-2014-8090. Applicable to OnApp version 3.3.0 and higher


  • The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.


  • The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.


  • The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.

Fixes of the following vulnerabilities for the YAML 1.1 parser and emitter C libraries. Applicable to OnApp version 3.0 and higher


  • The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.


  • Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file

To apply the CVE fixes described above, please upgrade the Control Panel following the below instructions:

  • Enter the Control Panel box via ssh, and run from under root user to address YAML vulnerabilities:
# yum update libyaml
  • Enter the Control Panel box via ssh, and run from under root user to address RUBY vulnerabilities:
# yum update ruby rubygems
  • restart onapp and httpd services