Security Update: New GCR Based Planetscale Public Registry

March 3, 2020

·

Shaun Verch

If you are still pulling from registry.planetscale.com, you should update all your systems to instead pull from us.gcr.io/planetscale-vitess by March 26, 2020.

us.gcr.io/planetscale-vitess is Planetscale’s public registry for Vitess related components. For example, we build a Vitess container under us.gcr.io/planetscale-vitess/lite.

Previously, our registry was hosted at registry.planetscale.com. However, it was discovered that the registry software we were using had a remote exploit in which any attacker on the internet could become an admin user and, for example, use those privileges to upload malicious images.

We applied the necessary security patches, cleared out anything that we weren’t absolutely certain hadn't been altered, and verified that no malicious containers had been downloaded. Fortunately for us, it appeared that this was just a user who had read about the exploit and was testing it out on various registries. However, this did raise some concerns for us, not necessarily just with the registry software, but our decision to maintain the registry ourselves.

We take security seriously at Planetscale, and are always making prioritization decisions based on the time we have available and the impact it will have on our users. In this case, we decided to move to a fully hosted registry, primarily because of the safety and because we know the security will be handled for us. This is especially nice for something that isn't our primary focus, but still represents an important attack vector.

We would have liked to preserve the old endpoint for compatibility, but it turns out this is not as simple as redirecting to the new registry or adding a CNAME. We would have to run our own proxy that's backed by GCR behind the scenes, which would get us back into administering this ourselves. Instead, we decided to deal with this migration and point our existing users to GCR directly. It's possible that in the future as our team grows we will hide this, but for now this is the simplest way to remove our management burden and to mitigate the security risks that come with it.

Questions? Contact us, we'd love to hear from you.