If you are using custom domain mapping or a wildcard mapping, it may be necessary to clear the cache manually by regenerating the mapped subdirectory. You can also update to the latest version of Netlify, which has been patched.

If you are using the CDN for images, we recommend using `cdn_url` instead of the `cdn_root` option, as the latter may be subject to cache poisoning. If you are unsure of the source of an image, `cdn_url` is also the better choice, as it allows you to see the full URL of the image.

If you are using a custom domain mapping, we recommend mapping to a subdirectory of the source domain, as this prevents caching issues. For example, if you are using a custom domain mapping of `example.com:1234`, use `example.com/1234/` instead of `example.com/`.

Testing for Caching Issues

If you are experiencing issues with caching, we recommend testing your site in a cache-aware browser such as `Mozilla Firefox` or `Google Chrome`. If you are using a custom domain mapping and experience issues, you can also clear the cache by regenerating the mapped subdirectory. As a final step, update to the latest version of Netlify, which has been patched.

Background information

This vulnerability was discovered by Scott Helme.
Vulnerability: Custom Domain Mapping & Wildcard Mapping
If you are using custom domain mapping or a wildcard mapping, it may be necessary to clear the cache manually by regenerating the mapped subdirectory.

Netlify tracks user visits to your site

Netlify tracks user visits to your site in order to see how our customers are using our services. This tracking is used to improve the way Netlify serves content, and ultimately provide a better experience for everyone. If you’d like to opt-out of this feature, please contact support@netlify.com

Netlify Pages

& Wildcard Mappings
We have received reports of the following security vulnerabilities which affect Custom Domains and Wildcard Mappings:
CVE-2019-35769
If you are using a wildcard mapping with an SSL certificate, it may be necessary to manually remove the mapped directory from your web server's cache. You can also update to the latest version of Netlify, which has been patched.

Timeline

Published on: 09/23/2022 08:15:00 UTC
Last modified on: 09/27/2022 14:08:00 UTC
