General Information: Retrospective: Possible Vulnerability in our TLS Termination Software

Informational
07 September 2023, 14:18 UTC

General Information: Retrospective: Possible Vulnerability in our TLS Termination Software

Status: closed
Date: 07 September 2023, 14:15 UTC
End: 07 September 2023, 14:18 UTC
Duration: 2 minutes
Affected Components:
General Updates
Affected Groups:
All Public Users
Update

07 September 2023, 14:15 UTC

07 September 2023, 14:15 UTC

On Friday, the 1st of September 2023 a third party Security Researcher posted to social media that they had shared a possible vulnerability with Fastly and that we were delayed in responding to their security report.

Fastly Engineering has reviewed this report and identified minimal risk to Fastly customers, due to Fastly-specific architecture. In addition, our engineers have prepared and deployed a configuration update that has resolved any remaining possibility of an exploit.

This issue is resolved. Our investigation showed no evidence of any exploit of the vulnerability, and there are no further actions for our customers. 


Resolved

07 September 2023, 14:18 UTC

07 September 2023, 14:18 UTC

This incident is resolved.

For more information about this retrospective status post, please reach out to Support through https://support.fastly.com.