Multi-Tier Cache (Mitigate CVE-2025-36852) #10724
Closed
dougalg-js-tw started this conversation in Ideas
Replies: 0 comments
Goals
Non-goals
No response
Background
By default, it seems that the turbo cache is shared across prod and non-prod builds, which appears to fall under the CVE-2025-36852 cache poisoning vulnerability.
Currently the only way around this that I can see is to manually separate prod and non-prod caches with separate access tokens.
Proposal
It would be nice to get more performance by enabling a multi-tier cache so that users can fetch from the prod cache as an automatic fallback but only write to it from prod envs.
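The read and write rules this proposal describes, modelled in memory as an added example; it is not part of the original post and not Turborepo code. The `TieredCache` class, the tier names and the task hashes are hypothetical, and the rule that prod reads only the prod tier is an assumption taken from the goal of keeping non-prod output out of prod builds.

```javascript
// Added illustration of the proposed policy; an in-memory model, not Turborepo code.
// Assumption: the caller's environment comes from its credentials (for example a
// per-environment token), never from anything the build itself claims.
class TieredCache {
  constructor() {
    this.tiers = { prod: new Map(), nonprod: new Map() };
  }

  // Tiers an environment may read, in lookup order.
  readOrder(env) {
    if (env === "prod") return ["prod"];               // prod never trusts non-prod output
    if (env === "nonprod") return ["nonprod", "prod"]; // prod tier is the automatic fallback
    throw new Error(`unknown environment: ${env}`);
  }

  get(env, hash) {
    for (const tier of this.readOrder(env)) {
      const artifact = this.tiers[tier].get(hash);
      if (artifact !== undefined) return { tier, artifact };
    }
    return null; // cache miss: the task has to run
  }

  // An environment may write only to its own tier.
  put(env, hash, artifact) {
    this.readOrder(env); // rejects unknown environments
    this.tiers[env].set(hash, artifact);
  }
}

// Constructed scenario: the same task hash is written from both environments.
function demo() {
  const cache = new TieredCache();
  cache.put("nonprod", "task-hash-A", "artifact from a PR branch");
  const prodBefore = cache.get("prod", "task-hash-A"); // non-prod entry is invisible to prod
  cache.put("prod", "task-hash-A", "artifact from prod CI");
  const prodAfter = cache.get("prod", "task-hash-A");
  cache.put("prod", "task-hash-B", "prod-only artifact");
  const devFallback = cache.get("nonprod", "task-hash-B"); // served from the prod tier
  const devOwn = cache.get("nonprod", "task-hash-A");      // own tier wins over fallback
  return { prodBefore, prodAfter, devFallback, devOwn };
}
```

In this model, an entry written under non-prod credentials can never be served to a prod build, while non-prod builds still get hits on artifacts that prod has already produced.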