Cloudflare Vulnerability Does Not Affect Us

Last night Cloudflare reported that a vulnerability in their parser exposed customer information. We route two of our domains through Cloudflare for performance (gibraltarsoftware.com and onloupe.com) and have reviewed the vulnerability reports. We’ve determined that we have not been affected by this issue and none of our customer data has been exposed. The reason for this is we only route static sites through the Cloudflare proxy, specifically:

  • www.gibraltarsoftware.com
  • blog.gibraltarsoftware.com
  • onloupe.com
  • doc.onloupe.com

None of these sites collect information with the exception of two anonymous contact forms on www.gibraltarsoftware.com which does not use the feature flags identified in the vulnerability report.

Future Use of Cloudflare

We are currently testing a new version of the Loupe Service which separates the static content of the site (notably our AngularJS codebase) from the data API specifically so we can route thee static content through Cloudflare to improve startup performance around the world. We are reviewing these plans to be sure that at no time we route data through Cloudflare as the theoretical performance improvement is not worth the potential risk.

Related Posts

Loupe Agent for .NET Core Now Available

The first release of the Loupe Agent for .NET Core is also our first open source version of the Loupe Agent. This is the first step in our plan to open source the entire Loupe Agent to make it easier for anyone to extend and take advantage of what Loupe... Read more

We've Moved Loupe Service to App.OnLoupe.Com

Loupe Service now has a shorter, direct site name that's faster, anywhere in the world. Just to go App.OnLoupe.Com, the new CDN-accelerated endpoint for the Loupe Service. Your existing Agents and Loupe Desktops are unaffected by this change, but access to the web UI will be redirected to the new... Read more

Loupe 4.5 Released with New Log Viewer for Web

Rapidly diagnose each error in any .NET application with our new Web Log Viewer and Exception root cause analysis, new in Loupe 4.5. New integration with Azure Service Bus and Azure Search enables full Loupe functionality without any Virtual Servers in Azure. Read more

Rock solid centralized .NET logging

Unlimited applications, unlimited errors, scalable from solo startup to enterprise.