Summary
The internal API that handles attachment indexing for the platform search was previously unauthenticated. Every customer site has been migrated to an authenticated version, and the legacy unauthenticated endpoint has been removed.
Migration was done per-site over a multi-day window with real upload verification on each site and a soak period before the old endpoint was deleted. No customer-facing downtime.
For the biweekly blog
Pick one of these:
- One line: Closed an unauthenticated internal indexing endpoint and migrated every customer site to an authenticated version of the service.
- Two lines: We migrated every customer site to an authenticated version of our internal attachment-indexing service. The legacy unauthenticated endpoint was monitored for several days with zero real-site traffic before being removed entirely.
Refs
- PCD269 (private tracker)
- PCD261 (master security tracking issue, private tracker)