js · @hulumi/driftCritical
@hulumi/drift: classifier bugs mask attacks and fire false positives
Two bugs in @hulumi/drift classifier: (1) adapter failures were cached as 'all clear' (None/none) for 6 hours, masking real attacks; (2) Mixed/ConsoleBreakGlass
What changed
Two bugs in @hulumi/drift classifier: (1) adapter failures were cached as 'all clear' (None/none) for 6 hours, masking real attacks; (2) Mixed/ConsoleBreakGlass verdicts could fire on probe liveness instead of actual CloudTrail evidence.
Who it affects
All consumers of @hulumi/drift < 1.4.0 running drift detection in CI/cron or downstream incident workflows.
What to do today
Upgrade to @hulumi/[email protected] immediately.
The trail
Collected→
Audited→
Written→
Published