Security bulletins
Security bulletins and advisories from Oblique. These include security issues with Oblique itself, as well as external incidents that could potentially impact Oblique.
September 16, 2025
@ctrl/tinycolor
What happened?
Several security vendors reported on September 15, 2025 that versions 4.1.1 and 4.1.2 of the package '@ctrl/tinycolor' were updated with malicious code. These malicious packages scan build and deployment environments for credentials, then publish secrets and private code repos publicly. Over 40 other packages incorporated these versions. While Oblique depends on this package through Astro, it is pinned at version 4.1.0, and so is unaffected.
What was the impact?
We have verified that our systems never imported the impacted versions, even in our development CI/CD systems.
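One way to run this kind of check against an npm lockfile, as an added example that is not Oblique's own tooling: it flags every resolved copy of '@ctrl/tinycolor' at 4.1.1 or 4.1.2, including nested transitive copies. It assumes the npm `package-lock.json` layout; `findAffected`, `sampleLock` and the `example-*` package names are constructed for illustration.

```javascript
// Added example: flag the bulletin's affected versions in a parsed package-lock.json.
// Package name and versions are from the bulletin; everything else is illustrative.
const AFFECTED = new Map([["@ctrl/tinycolor", new Set(["4.1.1", "4.1.2"])]]);

// Returns [{ name, version, path }] for every affected copy in the lockfile object.
function findAffected(lock, affected = AFFECTED) {
  const hits = [];
  const check = (name, version, path) => {
    if (affected.get(name)?.has(version)) hits.push({ name, version, path });
  };

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project ("") or a workspace folder
    // Aliased installs carry the real package name in meta.name.
    const name = meta.name || path.slice(idx + "node_modules/".length);
    check(name, meta.version, path);
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would be counted twice.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, meta.version, path);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");

  return hits;
}

// Constructed sample, not a real lockfile: the top-level copy is pinned at
// 4.1.0, while a transitive dependency has pulled in its own nested 4.1.2.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site", version: "1.0.0" },
    "node_modules/@ctrl/tinycolor": { version: "4.1.0" },
    "node_modules/example-dep/node_modules/@ctrl/tinycolor": { version: "4.1.2" },
  },
};

console.log(findAffected(sampleLock));
```

A lockfile only shows what the current tree resolves to, so checking whether an affected version was ever installed also means running this over the lockfiles recorded in CI history for the exposure window.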
Who was affected?
Neither Oblique nor any Oblique customers are affected.
What do I need to do?
No action is required from Oblique customers.
External references
September 2, 2025
Salesloft
What happened?
Oblique uses Cloudflare for some builds and web hosting, and we have previously communicated with Cloudflare support. A security breach of Salesloft Drift resulted in unauthorized access to Cloudflare support tickets. The breach allowed access to the text content of support communications. Oblique received a notification from Cloudflare on 2025-09-02 that Oblique’s data may have been exposed in the Salesloft incident.
What was the impact?
We have conducted a thorough review of all support communications and confirmed:
- None of Oblique's API keys, access tokens, or other credentials were shared in support tickets
- No Oblique customer data was disclosed in support communications
Who was affected?
Neither Oblique nor any Oblique customers are affected.
What do I need to do?
No action is required from Oblique customers.