Contentstack incident

Contentstack - Azure EU - Webhook Signature Validation Issue

Minor Resolved View vendor source →

Contentstack experienced a minor incident on January 23, 2026, lasting —. The incident has been resolved; the full update timeline is below.

Started
Jan 23, 2026, 06:30 AM UTC
Resolved
Jan 23, 2026, 06:30 AM UTC
Duration
Detected by Pingoru
Jan 23, 2026, 06:30 AM UTC

Update timeline

  1. resolved Jan 27, 2026, 11:20 AM UTC

    A standard security upgrade to Node.js 24 with OpenSSL 3 was deployed as part of our security hardening efforts. The upgrade introduced stricter RSA-PSS signature validation per RFC 8017 standards, changing the default salt length from a previously lenient range (32-222) to strictly enforcing 32 for SHA-256. This impacted webhook functionality for configurations using RSA-based certificates with salt lengths greater than 32. Upon identifying the impact, the update was promptly reverted to restore normal operations.