The engineers working on this update were experienced, consulted documentation and did follow established processes. This explains why our automated testing had not detected this error. This test did provoke the same error, but intermittently and only after an extended period of time. On Friday morning, May 28, based on the confirmed root cause, we deployed a new test specifically designed to check for this issue in our test environment. The inadvertent cache configuration update unfortunately disabled those protections. This would normally not lead to an information leak since additional protections including user-specific cache keys are enforced. However, the CDN configuration can at times override the app configuration.
0 Comments
Leave a Reply. |