Developer Announcements

jmclaren
HubSpot Employee
HubSpot Employee

Sites using polyfill.io on HubSpot were rewritten to use Cloudflare's version

This is a reposting from the developer changelog. If there are any text differences between this copy and the original on the changelog the changelog is the source of truth.
--

URLs for a popular polyfill service (polyfill.io) began serving malicious code after years of serving safe polyfill scripts. Web developers use polyfills to add backward compatibility for newer browser APIs. None of HubSpot's default assets use polyfill.io hosted scripts. Developers building themes, templates, and modules on HubSpot can, at their discretion, include scripts from external domains. Developers may have included polyfills from polyfill.io this way. 

We protected all HubSpot hosted sites by rewriting all URLs for polyfill.io to use Cloudflare's safe original version of the polyfills to help all of our customers, developers, and partners, who've used polyfill.io hosted scripts. Along with eliminating the malicious code, this ensures that backward compatibility efforts made by developers are still operational.

There is no action needed from customers, partners, or developers using HubSpot.

When is it happening?

This change went into effect on July 15, 2024.

Jon McLaren

Sr. CMS Developer Advocate

Get started developing on the HubSpot CMS Developer Changelog
How to optimize your CMS Hub site for speed

If my reply answered your question, please mark it as a solution, to make it easier for others to find.

0 Respuestas 0

0 Respuestas

Aún no hay respuestas para esta publicación.

Por ahora, ningún usuario ha respondido a esta publicación. Vuelve pronto para ver si alguien tiene la solución o envía tu propia respuesta si sabes cómo ayudar. Cada grano de arena cuenta.

Responder esta publicación

¿Necesitas ayuda para responder? Echa un vistazo a las pautas de la comunidad