Incident reports, postmortems, and status updates from Atmos Pro and its infrastructure dependencies.
Postmortems and incident reports for Atmos Pro — what happened, the impact on customers, and what we did to prevent it from happening again.
Following the April 2026 Vercel security incident and additional third-party supply-chain communications, Cloud Posse rotated credentials for integrated services out of an abundance of caution. Approximately 30 minutes of redeployment downtime. We have no evidence of unauthorized access to Cloud Posse systems, Atmos Pro infrastructure, or customer data.
Inngest publicly disclosed CVE-2026-42047 in their TypeScript SDK. Per the criteria published by Inngest — frameworks using explicit HTTP method mapping (such as Next.js App Router) were inherently protected — Atmos Pro was not technically affected. We received embargoed advance notice and had already upgraded to the fix version and rotated credentials before public disclosure.
A planned upgrade to an internal validation library exposed latent defects in our authentication flow, causing a full outage. Production was rolled back within minutes; a fix was deployed later the same day. No customer data was lost or compromised.
Some users experienced intermittent login failures due to a blocking monitoring call in the login flow
