We hope you like the new look of the Alloy Announcements page! 🎨

It's been a month of modest improvements to Alloy. No ground-breaking new features, just quiet optimisations and bug fixes to make your Alloy experience even better ✅. The update took place during the evening of the 31st October. For a full list of changes in v2.64, please visit the Alloy Changelog.

Cloud malware protection ⚠️

When uploading files to Alloy, they can now be scanned for malware.

Given Alloy's role in storing and processing lots of potentially sensitive data, we've always taken security very seriously. As a result, the attack surface of Alloy itself is fairly low, with no significant vulnerabilities detected during our annual third-party security tests. As a precaution, Alloy blocks the same file extensions as Microsoft Outlook by default, to prevent the storage of dangerous file types with well-known vulnerabilities.

However, it remains possible for a file containing malicious code to be uploaded and stored in Alloy. While it would effectively be dormant and unlikely to cause direct harm, bad actors could potentially utilise Alloy as a method of distribution for infected files (e.g. sent via workflow emails).

Therefore, files uploaded to Alloy can now be scanned using Amazon's GuardDuty Malware Protection. All files are quarantined by default until they pass the security checks. If malicious code is detected in a file, it remains inaccessible and can't be used for any purpose. Attempting to download it will display an error message, explaining why and recommending deletion.

If you wish to enable this extra layer of security on your customer project, please contact Support to opt in.