Resolved -
Our fix is now deployed and we're seeing normal volume of successful username/password logins.
Dec 23, 19:56 MST
Update -
The fix is still rolling out. In the interim, root cause was an upgrade to our net-http library. That upgrade removed a default header, "application/x-www-form-urlencoded," from http requests our code issues to Cloudflare. The Cloudflare Turnstile API, which we use in conjunction with Captcha, expects this header to be present, and started rejecting our requests as a result.
Dec 23, 19:40 MST
Update -
Ok, we've confirmed our fix is working and are rolling it out to our servers now. ETA is 30 minutes.
Dec 23, 19:19 MST
Identified -
We think we identified the issue and are deploying a hotfix. Stay tuned.
Dec 23, 18:48 MST
Investigating -
We've identified an issue where people who login with a username and password are receiving a Captcha verification failure. Note, login for people with SSO is unaffected.
Dec 23, 18:43 MST