About Integrates roles issue on 2020-01-31

What happened

  • Last Thursday (January 30th) at 19:44 we released a version of Integrates that caused a malfunction in authorization roles, in which “Manager” users were affected. The details of this commit can be found at https://gitlab.com/fluidattacks/integrates/commit/d1814d
  • We are updating our authorization model, to give more flexibility to our current roles and create more of them in the future. This issue was a product of one of those migrations.
  • No migration-related error, including this one, has jeopardized the confidentiality of our users’ information.

What we’ve done

  • On January 31st at 11:29, the issue was fixed by correctly assigning the permissions to the affected role.

What’s the impact

  • The issue lasted approximately 16 hours. However, access attempts only occurred from 7:50 to 11:12 on January 31st.
  • Approximately 6 of our users with manager roles were unable to see the “Users” tab and to manage the information of the findings on January 31st until 11:29.

What we are doing to help

  • To avoid future similar issues we are strengthening the peer review process in our development team, assuring that the changes in the authorization model are not affecting the previous ones.
  • With this announcement, customers are being notified that this was an internal error caused by a set of changes we had made on the authorization model and of what we did to fix it.