Taps.IM
Security Advisories (Enterprise)
Official security advisories, vulnerability disclosures, and incident responses for TapsIM's encrypted messaging platform and federation server infrastructure.
Security Timeline
Recent security events, enhancements, and incident responses
P9 Observability Framework Release
2024-12-15: Major security enhancement with comprehensive monitoring and chaos resilience
Federation Deduplication Fix
2024-11-28: Resolved a low-severity race condition in message deduplication
Advanced Key Management
2024-10-12: Implemented P7 key rotation and transparency features
Q3 Security Audit Completed
2024-09-01: Comprehensive third-party security assessment with zero critical findings
Published Advisories
Comprehensive security advisories with technical details and remediation guidance
P9 Observability Framework Hardening
Description
Proactive security enhancement delivered in the P9 milestone: a comprehensive observability stack, a chaos resilience framework, and structured logging with sensitive data redaction.
Impact Assessment
No security vulnerability identified. This advisory documents security improvements implemented in the P9 milestone.
Technical Details
- Implemented OpenTelemetry distributed tracing with X-Taps-Trace-Id propagation
- Added comprehensive metrics collection with 12 federation-specific metrics
- Enhanced structured logging with frame/federation/crypto context redaction
- Deployed chaos engineering framework with 10 event types for resilience testing
- Integrated property-based testing with 4 fuzzing strategies
Remediation Steps
1. Upgrade to Federation Server v1.9.0 or later
2. Review the observability configuration for your deployment
3. Enable distributed tracing in production environments
4. Configure the chaos testing framework for development/staging
Federation Message Deduplication Edge Case
Description
An edge case in the federation message deduplication logic could allow the same message to be processed twice under specific timing conditions.
Impact Assessment
Low impact: In rare race conditions with high-frequency message sending, duplicate messages could be processed, potentially causing message ordering inconsistencies.
Technical Details
- Race condition in (origin, frame.id) deduplication map during concurrent writes
- Affects high-throughput federating servers under specific timing windows (~100ms)
- No data corruption or unauthorized access - only potential message duplication
- Issue identified through P8 chaos engineering stress testing
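The bullets above describe the bug precisely enough to reproduce its shape. The following Go program is an added example, not TapsIM's federation server code: RacyDedup performs the lookup and the insert of the (origin, frame.id) key as two separately locked steps, so concurrent workers can all see the frame as unseen and all accept it, while SafeDedup does the check-and-insert as one critical section and treats entries older than a window as expired. The type and function names, the 100 ms window (borrowed from the advisory's stated timing window), and the sample origin and frame id are assumptions of the example; a barrier pins down the losing interleaving deterministically instead of waiting for it to happen by chance.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// DedupKey is the (origin, frame.id) pair the advisory names as the dedup map key.
type DedupKey struct {
	Origin  string
	FrameID string
}

// barrier blocks each caller until n goroutines have arrived, forcing the
// interleaving that a production race only hits by chance.
func barrier(n int) func() {
	var wg sync.WaitGroup
	wg.Add(n)
	return func() { wg.Done(); wg.Wait() }
}

// RacyDedup has the shape of the bug described: lookup and insert are each locked,
// but not together, so several workers can all observe "unseen" for one frame.
type RacyDedup struct {
	mu      sync.Mutex
	seen    map[DedupKey]bool
	between func() // hook between check and insert; nil outside tests
}

func NewRacyDedup(between func()) *RacyDedup {
	return &RacyDedup{seen: map[DedupKey]bool{}, between: between}
}

func (d *RacyDedup) Accept(k DedupKey) bool {
	d.mu.Lock()
	dup := d.seen[k]
	d.mu.Unlock()
	if dup {
		return false
	}
	if d.between != nil {
		d.between() // the timing window: other workers can pass the check here
	}
	d.mu.Lock()
	d.seen[k] = true
	d.mu.Unlock()
	return true
}

// SafeDedup makes check-and-insert a single critical section and treats entries
// older than window as expired (a production version also sweeps them out).
type SafeDedup struct {
	mu     sync.Mutex
	seen   map[DedupKey]time.Time
	window time.Duration
	now    func() time.Time // injectable clock for tests
}

func NewSafeDedup(window time.Duration) *SafeDedup {
	return &SafeDedup{seen: map[DedupKey]time.Time{}, window: window, now: time.Now}
}

func (d *SafeDedup) Accept(k DedupKey) bool {
	d.mu.Lock()
	defer d.mu.Unlock()
	now := d.now()
	if t, dup := d.seen[k]; dup && now.Sub(t) < d.window {
		return false
	}
	d.seen[k] = now // first sighting, or a stale entry being refreshed
	return true
}

// Deliver simulates n federation workers handling the same frame concurrently and
// returns how many of them accepted it for processing; the correct answer is 1.
func Deliver(accept func(DedupKey) bool, k DedupKey, n int) int32 {
	var wg sync.WaitGroup
	var accepted int32
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			if accept(k) {
				atomic.AddInt32(&accepted, 1)
			}
		}()
	}
	wg.Wait()
	return accepted
}

func main() {
	k := DedupKey{Origin: "alpha.example", FrameID: "frm-1001"} // constructed sample
	fmt.Println("racy accepted:", Deliver(NewRacyDedup(barrier(2)).Accept, k, 2))
	fmt.Println("safe accepted:", Deliver(NewSafeDedup(100*time.Millisecond).Accept, k, 2))
}
```

The point of the barrier is that the racy version needs no luck to fail: every worker that reaches the hook has already passed the check, so every one of them inserts and returns true. The safe version returns exactly one acceptance regardless of scheduling, because whoever takes the lock first inserts before anyone else can look. Keying on the (origin, frame.id) pair rather than frame.id alone also matters: two origins may legitimately reuse the same frame id.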
Remediation Steps
1. Upgrade to Federation Server v1.8.0 immediately
2. Review message logs for any duplicate entries between Nov 20-28, 2024
3. Apply rate limiting if experiencing high-frequency federation traffic
4. Contact [email protected] for assistance with impact assessment
E2EE Key Rotation Security Enhancement
Description
Implementation of advanced key management and rotation capabilities as part of P7 milestone security enhancements.
Impact Assessment
Security enhancement: improved key hygiene. Root keys are held offline and online signing keys are short-lived, so compromise of an online key exposes only the traffic of its validity window, which is what the "enhanced forward secrecy" below refers to.
Technical Details
- Implemented offline root → short-lived online key hierarchy
- Added key transparency log integration
- Enhanced forward secrecy with automatic key rotation
- Introduced key escrow protection for enterprise deployments
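The first three bullets above describe a hierarchy rather than a mechanism, so here is one concrete instance of it as an added example. This is not TapsIM's implementation and the page does not describe its real certificate format, log format or TTLs: an offline Ed25519 root signs a short-lived online-key certificate, every issued certificate is appended to a hash-chained transparency log, and a receiving server accepts a message only if the certificate is root-signed, inside its validity window, present in the log, and the message signature verifies under the certified online key. The payload layout, the domain-separation label, the one-hour TTL and all names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// OnlineKeyCert binds a short-lived online signing key to a serial number and a
// validity window; the offline root signs Payload().
type OnlineKeyCert struct {
	Serial    uint64
	NotBefore time.Time
	NotAfter  time.Time
	PublicKey ed25519.PublicKey
	RootSig   []byte
}

// Payload is the byte string the root signs; the label gives domain separation so
// a cert signature can never double as a message signature (label is an example choice).
func (c *OnlineKeyCert) Payload() []byte {
	var b bytes.Buffer
	b.WriteString("online-key-cert-v1\x00")
	binary.Write(&b, binary.BigEndian, []uint64{c.Serial, uint64(c.NotBefore.Unix()), uint64(c.NotAfter.Unix())})
	b.Write(c.PublicKey)
	return b.Bytes()
}

// IssueOnlineKey is the rotation step performed with the offline root: the new
// private key goes to the serving host, the cert goes to the transparency log.
func IssueOnlineKey(rootPriv ed25519.PrivateKey, serial uint64, now time.Time, ttl time.Duration) (ed25519.PrivateKey, *OnlineKeyCert, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	c := &OnlineKeyCert{Serial: serial, NotBefore: now, NotAfter: now.Add(ttl), PublicKey: pub}
	c.RootSig = ed25519.Sign(rootPriv, c.Payload())
	return priv, c, nil
}

// TransparencyLog is an append-only hash chain of issued certs. Verifiers refuse
// online keys that were never logged, so even a stolen root cannot mint keys silently.
type TransparencyLog struct {
	seen map[[32]byte]bool
	head [32]byte // H(prevHead || leaf); clients pin it between fetches
}

func leafHash(c *OnlineKeyCert) [32]byte { return sha256.Sum256(append(c.Payload(), c.RootSig...)) }
func (l *TransparencyLog) Append(c *OnlineKeyCert) {
	if l.seen == nil {
		l.seen = map[[32]byte]bool{}
	}
	leaf := leafHash(c)
	l.seen[leaf] = true
	l.head = sha256.Sum256(append(l.head[:], leaf[:]...))
}
func (l *TransparencyLog) Contains(c *OnlineKeyCert) bool { return l.seen[leafHash(c)] }
func (l *TransparencyLog) Head() [32]byte                  { return l.head }

var (
	ErrBadRootSig = errors.New("cert not signed by root")
	ErrWindow     = errors.New("cert outside its validity window")
	ErrUnlogged   = errors.New("cert absent from transparency log")
	ErrBadMsgSig  = errors.New("message signature invalid")
)

// VerifyMessage is the receiving server's check: root-signed cert, inside its
// window at time now, present in the log, then the message signature itself.
func VerifyMessage(rootPub ed25519.PublicKey, tlog *TransparencyLog, c *OnlineKeyCert, msg, sig []byte, now time.Time) error {
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(rootPub, c.Payload(), c.RootSig) {
		return ErrBadRootSig
	}
	if now.Before(c.NotBefore) || !now.Before(c.NotAfter) {
		return ErrWindow
	}
	if !tlog.Contains(c) {
		return ErrUnlogged
	}
	if !ed25519.Verify(c.PublicKey, msg, sig) {
		return ErrBadMsgSig
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // offline root
	tlog := &TransparencyLog{}
	onlinePriv, cert, _ := IssueOnlineKey(rootPriv, 1, time.Now(), time.Hour)
	tlog.Append(cert)
	frame := []byte("constructed federation frame")
	sig := ed25519.Sign(onlinePriv, frame)
	fmt.Println("verify:", VerifyMessage(rootPub, tlog, cert, frame, sig, time.Now()), "(nil = accepted)")
}
```

Two properties are worth noticing. Extending a certificate's NotAfter, or minting one with a different root, fails at the root-signature check before the window is even consulted, because the window is part of the signed payload. And an online key that the root signed but that never reached the log is rejected, which is what turns key transparency from an audit trail into an enforcement point: a compromised root cannot issue a usable key without leaving a logged leaf that the legitimate operator can see.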
Remediation Steps
1. Upgrade to Federation Server v1.6.0 or later
2. Configure key rotation policies per organizational requirements
3. Enable key transparency logging in production environments
Stay Informed About Security
Subscribe to security notifications and access additional security resources to stay updated on the latest advisories and best practices.