Gah! Somebody performed a key-exhaustion attack on the MsgUnqId that's used to link messages and attachments. The immediate middle-of-the-night fixup of increasing the keyspace for SendMessages fixed sending, but didn't fix adding attachments.
Altering the other database tables related to attachments fixed that issue - the underlying problem that attachments were silently not attached is a more significant bug. If something goes wrong the correct approach is to raise an error, not silently do half the job.
I've raised that as a P1 bug internally and CC'd basically everybody!
We have put in place additional limits to make sure nobody can jump an ID right to the top of the keyspace in future.
Bron.
|