A fix has been implemented and we are monitoring the results.
Posted Jun 20, 2023 - 20:12 EDT
Update
We have slightly lowered the impact from Critical to Major.
Posted Jun 20, 2023 - 18:15 EDT
Update
We are continuing to work on a fix for this issue.
Posted Jun 20, 2023 - 17:53 EDT
Update
Customers with HTTP notification endpoints that support http/2 but were validating or expecting incoming HTTP header names in a case-sensitive way are experiencing issues since a recent deployment updated our outbound requests to use http/2 by default, which requires header names to be sent in lower case.
We're deploying a fix to force http1.1 for our outbound requests to help customers work around this, and also recommend that any application code which is parsing header values is updated to be case insensitive, in keeping with the relevant HTTP RFCs.
Posted Jun 20, 2023 - 17:44 EDT
Update
Our team has identified and narrowed down the issue related to signature and timestamp headers being omitted.
Posted Jun 20, 2023 - 16:06 EDT
Identified
We are currently investigating the issue and looking for a solution. We have elevated a critical status for this incident. We will provide further updates.
Posted Jun 20, 2023 - 15:46 EDT
Investigating
On June 20th, 2023 5:00 PM UTC, We have identified a potential issue with our upload mechanism where the signature in the payload request may have been omitted. We will provide further updates.
Posted Jun 20, 2023 - 15:39 EDT
This incident affected: Third-Party - Amazon Web Services (AWS ec2-us-east-1, AWS ec2-eu-west-1).