How we found and fixed a rare race condition in our session handling - The GitHub Blog

On March 8, out of an abundance of caution, we logged all users out of In this post we share technical details of the vulnerability and steps we're taking to ensure it doesn't happen again.

Click to view the original at

Hasnain says:

So this explains why everyone was logged out of GitHub the other day. Interesting technical analysis of a bug and a reminder of how hard it is to get complex code right.

“Taking a step back, a bug such as this is not only challenging from a technical perspective in how to identify complex interactions between multiple threads, deferred callbacks, and object sharing, but it is also a test of an organization’s ability to respond to a problem with an ambiguous cause and risk.”

Posted on 2021-03-19T03:14:58+0000