Our fix is now deployed and we're seeing normal volume of successful username/password logins.
Posted Dec 23, 2025 - 19:56 MST
Update
The fix is still rolling out. In the interim, root cause was an upgrade to our net-http library. That upgrade removed a default header, "application/x-www-form-urlencoded," from http requests our code issues to Cloudflare. The Cloudflare Turnstile API, which we use in conjunction with Captcha, expects this header to be present, and started rejecting our requests as a result.
Posted Dec 23, 2025 - 19:40 MST
Update
Ok, we've confirmed our fix is working and are rolling it out to our servers now. ETA is 30 minutes.
Posted Dec 23, 2025 - 19:19 MST
Identified
We think we identified the issue and are deploying a hotfix. Stay tuned.
Posted Dec 23, 2025 - 18:48 MST
Investigating
We've identified an issue where people who login with a username and password are receiving a Captcha verification failure. Note, login for people with SSO is unaffected.