Vulnerability in EPiServer.Forms
The environment consists of 3 servers, 1 internal CMS editing server and 2 public servers.
We can make changes on the editing server and publish.
In this case the Remote events work as expected letting the 2 public servers know to invalidate their cache for the specified content that has changed.
So we are happy that remote events are working.
However if we schedule the publish only 1 of the public servers updates ?
Has anyone else experienced this or have any ideas why this might be happening ?
Just thought I'd update on my findings and how we managed to fix this.
In our setup our public servers were configured with just remote event servers to receive remote events. They didn't have any clients to broadcast events as we figured they wouldn't be changing any content so shouldn't need to.
The internal CMS editing server then was configured with the just the client as we figured it was the only one to be changing content so should be the only one to broadcast remote event notifications.
The public servers however still had the scheduler enabled and one of them was actually the one that executed the delayed publish, but since it had no way to broadcast this none of the others knew to invalidate their caches.
I have made a change to the public web.configs to disable the scheduler.
<applicationSettings enableScheduler="false" ... />
This appears to have fixed the issue. I guess the other way to fix it would be to configure both the client and server remote events on all servers.