On Monday evening, we published two quick updates to the app. The first release closed an obscure but concerning security weakness that was discovered by one of the outside specialty firms that we have contracted with to do penetration testing. These guys are experts in the black arts of hacking websites and services, and they do a great job of helping us be certain that our app is fully secure and hardened against even really creative attacks like this one. We treat reported issues from penetration testing very seriously, in this case deploying a fix less than 24 hours after its discovery.
The second release tonight improved the login page’s handling of older browsers. The app is designed to display a notification to users of Internet Explorer 6 and other outdated browser versions that have trouble running modern web apps. The logic in that functionality was imperfect, though, and the notification was displaying to users with Firefox 7 and other brand-new browser releases. We have reimplemented the warning to display to selected old browsers only.