Nick Wilson discovered a security issue that affects Flow when used with caching proxies such as Varnish: https://phabricator.wikimedia.org/T116095 (this task will be opened soon).
In such a setup, topics in cache would remain accessible after the board was deleted.
We have deployed the fix to the cluster and merged it to the Flow repository.
Let us know if you are using REL1_24 or REL1_25 of Flow and this issue affects you.
Thanks,
Matt Flaschen
On 11/17/2015 05:12 PM, Matthew Flaschen wrote:
Nick Wilson discovered a security issue that affects Flow when used with caching proxies such as Varnish: https://phabricator.wikimedia.org/T116095 (this task will be opened soon).
In such a setup, topics in cache would remain accessible after the board was deleted.
We have deployed the fix to the cluster and merged it to the Flow repository.
Sorry, I didn't link the fix. It's https://gerrit.wikimedia.org/r/#/c/253760/ .
Thanks,
Matt Flaschen
wikitech-l@lists.wikimedia.org