Fluid Attacks incident

Partial platform service disruption

Notice Resolved View vendor source →

Fluid Attacks experienced a notice incident on June 4, 2025 affecting Platform, lasting 6h 49m. The incident has been resolved; the full update timeline is below.

Started
Jun 04, 2025, 03:45 PM UTC
Resolved
Jun 04, 2025, 10:35 PM UTC
Duration
6h 49m
Detected by Pingoru
Jun 04, 2025, 03:45 PM UTC

Affected components

Platform

Update timeline

  1. identified Jun 04, 2025, 07:41 PM UTC

    Issues across multiple platform areas that potentially affect internal workflows and external users have been identified. These include unexpected errors, missing data in some views, and inconsistent behavior in automated processes.

  2. resolved Jun 04, 2025, 10:35 PM UTC

    The incident has been resolved, and platform operations have returned to normal. All impacted components are now working as expected.

  3. postmortem Jun 05, 2025, 02:16 PM UTC

    **Impact** An unknown number of users experienced various issues while using the platform. The issue started on UTC-5 25-06-03 16:56 and was proactively discovered 57.6 minutes \(TTD\) later by a staff member, who reported through our help desk [\[1\]](https://help.fluidattacks.com/agent/fluid4ttacks/fluid-attacks/tickets/details/944043000037291631) that it was not possible to resubmit vulnerabilities. Afterwards, additional reports related to vulnerability management, repository access, and event handling were received. The problem was resolved in 20.1 hours \(TTF\), resulting in a total window of exposure of 21.1 hours \(WOE\) [\[2\]](https://gitlab.com/fluidattacks/universe/-/issues/16232). **Cause** While updating our build system to a new version, we also updated the tool responsible for managing dependencies for one of our platform components. In the newer version, a key command used to provide these dependencies was removed. Since this process was happening inside a part of our infrastructure setup that wasn’t designed to catch such errors early \(due to technical debt\), the problem wasn’t visible until it affected the platform directly [\[3\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/78641). **Solution** We improved how dependencies are handled, using an updated, recommended method. Additionally, we moved the dependency-building process out of the infrastructure setup and into a simpler script. This way, if something goes wrong in the future, it will fail earlier and more visibly, preventing broken updates from reaching the platform [\[4\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/78693). **Conclusion** By adjusting the process to detect errors earlier, we’ve made the system more reliable and easier to maintain moving forward. **INFRASTRUCTURE\_ERROR < INCOMPLETE\_PERSPECTIVE**