Time: July 2, 2024, 7:47 a.m.

Status: Postmortem

Update: **Incident Summary:** On 26th June at 05:57 UTC, we experienced a significant surge in traffic targeting one of our customers, including the payment URLs managed by Chargebee. This unexpected increase in requests led to service interruptions as our systems, including AWS Application Load Balancers \(ALBs\), were unable to scale adequately. **Current Setup:** Our current infrastructure is designed with multiple clusters to effectively minimize the impact radius during both internal changes and external load events. We utilize AWS's Layer7 functionality to manage overall routing to these clusters. We also have configured WAF with robust rules to block malicious traffic. **Root Cause:** The root cause of the downtime was a targeted attack involving requests from different IPs directed at one of our customer’s websites and their payment URLs \(Chargebee domain\). The high volume of the attack overwhelmed the system's capacity to scale, particularly affecting our AWS Load Balancers. Although AWS WAFs were enabled, the magnitude and speed of the attack within a short duration still caused a significant problem in the AWS Load Balancers, preventing the WAF from even evaluating the incoming requests. This resulted in an impact on all the clusters even though the underlying instances were healthy. **Steps Taken & Way Forward:** * A tool has been provided to the 24/7 operations team along with SOP to quickly implement the honeypot-based routing mitigation to be done during DDoS attacks. * Evaluating additional DDoS mitigation providers to replace/supplement AWS WAF. * We have planned to enhance our mitigation strategy by having traffic distribution with multiple load balancers in the routing layer. We aim to enhance our system's resilience against similar attacks and ensure uninterrupted service for our customers. We will continue to monitor and adapt our strategies as needed to address evolving security threats.

Time: June 26, 2024, 6:50 a.m.

Status: Resolved

Update: This incident has been resolved.

Time: June 26, 2024, 6:45 a.m.

Status: Monitoring

Update: We are continuing to monitor for any further issues.

Time: June 26, 2024, 6:37 a.m.

Status: Monitoring

Update: On June 26, 2024, between 05:57 and 06:17 UTC, we experienced brief server timeout issues for customers in the US region. We apologize for any inconvenience this may have caused.

Time: June 18, 2024, 8:23 a.m.

Status: Resolved

Update: On June 16, 2024, between 21:52:20 and 21:52:41 UTC (21 Seconds), we experienced brief server timeout issues for customers in the US region. We apologize for any inconvenience this may have caused.

Time: June 14, 2024, 4:29 p.m.

Status: Resolved

Update: Our team has identified and addressed the root cause of the issue, and the errors have stopped. We appreciate your patience and understanding. If you continue to experience any problems, please contact our support team.

Time: June 14, 2024, 3:49 p.m.

Status: Identified

Update: We have noticed server timeouts in the US region, causing some customers to experience intermittent errors in the Chargebee portal. Our team has identified the root cause of the issue and is working to resolve it. We apologize for any inconvenience caused.

Time: June 14, 2024, 7:38 a.m.

Status: Resolved

Update: We found an issue where some PC 1.0 customers couldn't use add-ons while creating or modifying subscriptions. The UI mistakenly showed "No addons found" although add-ons were available. A bug in the latest UI release caused this issue. We have resolved the problem by reverting the change. We apologize for any inconvenience caused.

Time: June 11, 2024, 1:40 p.m.

Status: Postmortem

Update: **Summary:** On June 06, 2024, at 04:30 UTC, a deployment introduced a change in the cancel subscription estimate API, making the cancel\_reason\_code parameter mandatory. This caused the API to trigger 4xx error responses when the cancel\_reason\_code was not provided, contrary to previous behaviour where this parameter was optional. The issue persisted until June 10, 2024, 04:30 UTC. The problem has been resolved by removing the mandatory check for the cancel\_reason\_code in the estimate API workflow. No product functionality was impacted, but the system generated 4xx errors for cancel subscription estimates with an empty cancel\_reason\_code. **Root Cause:** The root cause of the issue was a deployment on June 06, 2024, which inadvertently made the cancel\_reason\_code parameter mandatory for the cancel subscription estimate API when the Subscription cancellation reason was set as mandatory in the settings. This change was not intended and caused the API to return 4xx error responses when the cancel\_reason\_code was not provided. **Impact:** There was no direct impact on product functionality. The cancel subscription estimate API triggered 4xx error responses when the cancel\_reason\_code was empty. **Next Steps:** We have enhanced the error monitoring dashboard to identify any 4xx responses following code deployments to detect and address similar issues in the future quickly. Additionally, we have extended the impact area on automation test cases to ensure broader coverage and early detection of potential problems during the testing phase.

Time: June 11, 2024, 1:38 p.m.

Status: Resolved

Update: Between June 6, 2024, 04:30 UTC, and June 10, 2024, 04:30 UTC, a deployment made the cancel_reason_codeparameter mandatory in the cancel subscription estimate API, causing 4xx errors when it was not provided. The issue has been resolved by reverting the parameter to optional. No product functionality was impacted.