Cloudflare outage on November 18, 2025
blog.cloudflare.com
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a “feature file” used by our Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.

The software running on these machines to route traffic across our network reads this feature file to keep our Bot Management system up to date with ever changing threats. The software had a limit on the size of the feature file that was below its doubled size. That caused the software to fail.

  • melsaskca@lemmy.caEnglish
    192·
    3 months ago

    We are going to see a lot more of this type of bullshit now that there are no standards anymore. Fuck everything else and make that money people!

  • ranzispa@mander.xyzEnglish
    3·
    3 months ago

    Before today, ClickHouse users would only see the tables in the default database when querying table metadata from ClickHouse system tables such as system.tables or system.columns.

    Since users already have implicit access to underlying tables in r0, we made a change at 11:05 to make this access explicit, so that users can see the metadata of these tables as well.

    I’m no expert, but this feels like something you’d need to ponder very carefully before deploying. You’re basically changing the result of all queries to your db. I’m not working in there, but I’m sure in plenty places if the codebase there’s a bunch of query this and pick column 5 from the result.

    • stepintomydojo@sh.itjust.worksEnglish
      52·
      3 months ago

      Zero for the triggering action. A human rolled out a permissions change in a database that led to an unexpected failure in a different system because that other system was missing some safety checks when loading the data (non-zero chance that code was authored in some way by AI).

  • panda_abyss@lemmy.caEnglish
    926·
    3 months ago

    Classic example of how dangerous rust is.

    If they had just used Python and ran the whole thing in a try block with bare except this would have never been an issue.

    Edit: this was a joke, and not well done. I thought the foolishness would come through.

    • jimmy90@lemmy.worldEnglish
      4·
      3 months ago

      honestly this was a coding cock-up. there’s a code snippet in the article that unwraps on a Result which you don’t do unless you’re fine with that part of the code crashing

      i think they are turning linters back to max and rooting through all their rust code as we speak