jani.tarvainen@ibexa.co noticed that some pages are timing out on ibexa.co. He narrowed down the issue to requests resulting in 404 response. This happens in many cases: missing asset, invalid route etc.

This is potentially dangerous as in some cases it'll leak timeout message from PHP unveiling PHP being used on the server as well as some filenames.

Example response:

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 20480 bytes) in /app/vendor/ibexa/commerce-shop/src/bundle/Eshop/Services/ConfigResolver.php on line 137

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 528384 bytes) in /app/vendor/ibexa/commerce-shop/src/bundle/Eshop/Services/ConfigResolver.php on line 137 

It was reproduced on a few instances running both PHP 7.4 and 8.x, HTTP cache doesn't seem to play a role here as well. It can be reproduced locally only when prod env is used.