Upload notifications

Incident Report for Cloudinary

Resolved

This incident has been resolved.
Posted Jun 21, 2023 - 08:18 EDT

Monitoring

A fix has been implemented and we are monitoring the results.
Posted Jun 20, 2023 - 20:12 EDT

Update

We have slightly lowered the impact from Critical to Major.
Posted Jun 20, 2023 - 18:15 EDT

Update

We are continuing to work on a fix for this issue.
Posted Jun 20, 2023 - 17:53 EDT

Update

Customers with HTTP notification endpoints that support http/2 but were validating or expecting incoming HTTP header names in a case-sensitive way are experiencing issues since a recent deployment updated our outbound requests to use http/2 by default, which requires header names to be sent in lower case.

We're deploying a fix to force http1.1 for our outbound requests to help customers work around this, and also recommend that any application code which is parsing header values is updated to be case insensitive, in keeping with the relevant HTTP RFCs.
Posted Jun 20, 2023 - 17:44 EDT

Update

Our team has identified and narrowed down the issue related to signature and timestamp headers being omitted.
Posted Jun 20, 2023 - 16:06 EDT

Identified

We are currently investigating the issue and looking for a solution. We have elevated a critical status for this incident. We will provide further updates.
Posted Jun 20, 2023 - 15:46 EDT

Investigating

On June 20th, 2023 5:00 PM UTC, We have identified a potential issue with our upload mechanism where the signature in the payload request may have been omitted. We will provide further updates.
Posted Jun 20, 2023 - 15:39 EDT
This incident affected: Third-Party - Amazon Web Services (AWS ec2-us-east-1, AWS ec2-eu-west-1).