Cloudflare security vulnerability: our response

This morning we have been made aware of a security vulnerability affecting Cloudflare, a major internet infrastructure company and our Content Delivery Network (CDN) provider.

All traffic to Hypothesis passes through Cloudflare’s servers in order to improve the performance and security of our service. Unfortunately, it appears that a bug in Cloudflare’s software may have leaked some traffic that should have been private into the pages it served for other customers’ sites. Put simply: it’s possible that communications that should have been private between our users and Hypothesis were not.

At the moment we have no evidence to suggest that any Hypothesis user’s private data was leaked as part of this vulnerability, but we are taking steps to minimise the risks posed by any possible disclosure.

Let’s get building!

This week saw Nick Stenning’s first week at Hypothes.is. Nick previously worked at Open Knowledge, where along with Aron Carroll and Rufus Pollock he was one of the authors of the open-source Annotator library we use in Hypothes.is. Nick is joining us to continue what he started with Annotator in 2008, and will be helping …