Advisory: Implementation Error When Using Profiles with Multi-Tenant Deployments
Feb 15, 2025
Issue
We have identified an implementation error that affects usage of the profiles feature with multi-tenant deployments, which can lead to service interruptions. In ODS / API 7.x, profile configurations are stored in the database and cached at the application level to reduce repetitive database queries. However, the profile cache does not distinguish between tenant contexts, meaning it can only store profiles for one tenant at a time. As a result, when an API client attempts to access a resource with an applied profile and its tenant-specific configuration is missing from the cache, the API returns an error response. If you use the Profiles feature in a multi-tenant deployment, we recommend that you install this update.
All deployments using profiles feature should review Additional Recommendations section.
Affected Versions
The following ODS/API versions are affected:
- 7.0
- 7.1
- 7.2
- 7.3
Anyone using the 7.0 release should use the 7.1 update, because 7.0 was never intended for production use.
Patch Releases
NuGet Packages
- 7.1:
- 7.2:
- 7.3:
Source code branches
- 7.1:
- 7.2:
- 7.3:
When using NuGet packages, you can rename the download, changing the extension ".nupkg" to ".zip", then open the zip file. Extract the DLL files and copy them into the binary directory for your installation. For source code users, please review the linked releases above and cherry-pick the latest changes.
Additional Recommendations
In addition to applying this update, we recommend:
- Reviewing current profiles to ensure profile names are unique across tenants.
- Enforcing uniqueness by adding a unique constraint on the ProfileName column. Refer to this commit for the necessary script.