On Wednesday, January 3rd, research was published on a class of security vulnerabilities affecting specific processors. These vulnerabilities could allow a user who can execute code on a system to gain unauthorized access to information across security boundaries.
Fastly has completed initial analysis of these vulnerabilities and does not believe they pose an immediate threat to Fastly customers.
Based on an initial review, we do not believe these disclosures expose Fastly customers to an immediate threat, including through use of the Varnish Configuration Language (VCL).
We are continuing to investigate how these disclosures may affect both Fastly products and technologies we use. We will design and deploy mitigations where required to improve the security of our network and customer traffic.
Customers do not need to take any action in response to this vulnerability.
The Fastly engineering teams have assessed the impact of this vulnerability, and found no immediate impact on the security of the Fastly network.
As usual with software vulnerabilities, certain machines will need to receive software updates to deploy the mitigations provided by our operating system and software vendors. We do not expect customer-visible impact as these updates are deployed.
You can learn more about this vulnerability here.