Last night Cloudflare reported that a vulnerability in their parser exposed customer information. We route two of our domains through Cloudflare for performance (gibraltarsoftware.com and onloupe.com) and have reviewed the vulnerability reports. We’ve determined that we have not been affected by this issue and none of our customer data has been exposed. The reason for this is we only route static sites through the Cloudflare proxy, specifically:
None of these sites collect information with the exception of two anonymous contact forms on www.gibraltarsoftware.com which does not use the feature flags identified in the vulnerability report.
Future Use of Cloudflare
We are currently testing a new version of the Loupe Service which separates the static content of the site (notably our AngularJS codebase) from the data API specifically so we can route thee static content through Cloudflare to improve startup performance around the world. We are reviewing these plans to be sure that at no time we route data through Cloudflare as the theoretical performance improvement is not worth the potential risk.
Back in January of 2016 we decided to completely transition out of our data centers and into the cloud. On Sunday we finally shut down the last cluster of our hardware. Read more for how we did it and whether we would do it all over again if we had... Read more
We've updated Loupe 4 with key improvements to managing issues, a slew of performance upgrades, and our first built-in Excel export in the web UI. Read the full article for more on what's all new in 4.0.2! Read more
Use SQL Elastic Pools to lower SQL Azure costs by sharing throughput between multiple databases. Designed primarily for SaaS applications this can work anywhere you have peaks and valleys in your load. Read more