{question}
What should SingleStore Flow customers know about a recent security hardening change?
{question}
{answer}
During a recent internal security review, we identified that a fallback encryption key was embedded within the SingleStore Flow application code. We have proactively removed this fallback mechanism to ensure that modern key management standards are enforced across all deployments.
Exploiting this fallback mechanism would be highly complex and impractical in any real-world scenario: an attacker would need both the hardcoded fallback key and high-level privileged access to the runtime-generated configuration environment. Meeting those conditions would require significant internal access, so this is not an external threat vector.
- If you are a SingleStore Helios customer: SingleStore has already applied this change to newly provisioned Flow instances. Where relevant, we are also contacting customers directly regarding older instances to ensure a smooth transition.
- If you are running SingleStore self-managed (on-premises): Because you manage your own infrastructure, configuration, and encryption keys, you are responsible for maintaining appropriate safeguards in your environment, in line with our Shared Responsibility Model.
{answer}