Summary
This is a patch release that fixes an issue where brute force detection triggers an SMS, potentially causing a buildup of SMS messages being sent to a bad actor, which can cause bill shock.
The fix changes the logic so that, when a brute force scenario is detected, a WARN level message is written to the Haventec logs instead of an SMS being sent.
Change Log:
- [Bugfix] Connect Backend: /challenge endpoint is sending an SMS when brute forced, causing spamming of the SMS transport
Backwards Compatibility
- This release is backwards compatible with prior releases Connect 1.0.31
- This release is compatible with the latest releases of all Haventec Services:
  - Java SDK 1.1.4
  - Node SDK 1.0.9
  - Authenticate 1.2.79 to 1.2.79.1
  - Console 1.2.71 to 1.2.71.2
  - Haventec IAM 15.0.2 and 15.1.1
Release Steps
- Verify pre-release system integrity by:
  - Perform system functional tests
  - Check that there are no errors in logs
  - Verify performance and response times are expected
- Perform the release to deploy Connect
- Verify post-release system integrity by:
  - Perform system functional tests
  - Check that there are no errors in logs
  - Verify performance and response times are expected.
Rollback Steps
- Deploy previous version of Connect
- Verify system integrity by:
  - Perform system functional tests
  - Check that there are no errors in logs
  - Verify performance and response times are expected.