Kartik Ohri joins the MetaBrainz team!

I’m pleased to announce that Kartik Ohri, AKA Lucifer, a very active contributor since his Code-in days in 2018, has become the latest staff member of the MetaBrainz Foundation!

Kartik has been instrumental in rewriting our Android app and more recently has been helping us with a number of tasks, including new features for ListenBrainz and AcousticBrainz, as well as breathing some much-needed life into the CritiqueBrainz project.

These three projects (CritiqueBrainz, ListenBrainz and AcousticBrainz) will be his main focus while working for MetaBrainz. Each of these projects has not had enough engineering time recently to sufficiently move new features forward. We hope that with Kartik’s efforts we can deliver more features faster.

Welcome to the team, Kartik!

MusicBrainz Server update, 2021-02-15

This is a fairly small release that brings a few bug fixes and some small improvements, while the team works on some background tasks.

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to david-russo and jesus2099 for submitting patches. Thanks to hibiscuskazaneko, kellnerd and Trevor for having reported bugs and suggested improvements. Thanks to mfmeulenbelt and salorock for updating translations. And thanks to all others who tested the beta version!

The git tag is v-2021-02-15.

Fixed Bug

  • [MBS-9573] – Search for edits loses track of type criteria
  • [MBS-11354] – Recording edit view shows up/down arrows for recordings of a single work
  • [MBS-11366] – Harmful links not greyed out once they have been removed
  • [MBS-11368] – Regression: track title span.name-variation disappeared from Edit Medium edit

Improvement

  • [MBS-11329] – Return privileges as a number in internal editor JSON
  • [MBS-11352] – Add Starzik to the “malware domains” blacklist and isGreyedOut
  • [MBS-11359] – Add GeoNames to the sidebar
  • [MBS-11365] – Allow Resident Advisor /podcast URLs for releases
  • [MBS-11369] – Don’t use top vertical align data in tables for details
  • [MBS-11370] – Historic edit track length: display track lengths of 0 ms or -1 ms as unknown

Incident report: January 27th service outage

On January 27th, starting at 4:31 UTC, we were hit with increasing amounts of traffic from what appeared to be hundreds of different IP addresses, mostly belonging to Amazon Web Services. At 8:46 UTC the inbound traffic overwhelmed our systems and brought nearly all of our services to a standstill.

After investigating the situation and receiving no meaningful assistance from Hetzner (our ISP, which advertises DDoS mitigation services as part of its offerings), we blocked three subnets of IP addresses in order to restore our services. At 13:14 UTC we put the block in place and our services started recovering.

We reported the issue to Hetzner and to AWS shortly after restoring our service. The next morning we received a friendly email from Andy, who works for one of our supporters at Plex, stating that they received a complaint from AWS. What happened next and how this matter was resolved is told by Andy himself:

Overnight on Wednesday, first thing Thursday morning, we received an abuse report that our servers were flooding an IP that corresponded to musicbrainz.org. We scrambled to investigate, as we are happy MusicBrainz partners, but it was a strange report because we run our MusicBrainz server and hit that instance rather than communicating with musicbrainz.org directly. And the IPs mentioned were specifically related to our metadata servers, not the IPs that would be receiving data updates from upstream. Just as some of our key engineering team members were starting to wake up and scrub in, it started to seem that it was a coincidence and we weren’t the actual source of the traffic and had simply been caught up in an overeager blocking of a large IP range to get the services back up. Never trust a coincidence. We continued to stay in touch with the team at MusicBrainz and within a few hours we had clear evidence that our IPs were the source of the traffic. We got the whole engineering team involved again to do some investigation, and we still couldn’t figure much out since we never make requests to musicbrainz.org and we had already worked to rule out the potential of any rogue access to our servers. By isolating our services and using our monitoring tools, we finally discovered that the issue was actually our traffic to coverartarchive.org, not musicbrainz.org, as they happen to be serviced by the same IP address. And this made much more sense, as we do depend on some API calls to the Cover Art Archive.

The root cause was an update to the Plex Media Server which had been released earlier in the week. There was a bug in that update that caused extra metadata requests to our own infrastructure. We had noticed the spike in our autoscaling to accommodate the extra traffic and already put together another update to fix the bug. That extra traffic on our infrastructure also translated to a more modest increase in requests to some of our metadata partners, including CAA. While the fix was already rolling out to Plex Media Servers, this provided a good opportunity to evaluate the CAA traffic and put our own rate limit in place to protect against future issues. We wrapped up that change in the afternoon on Thursday.

Throughout the ordeal, we appreciated the communication back and forth with our partners at MusicBrainz so that we could work together to investigate and follow leads to find a timely resolution.

Andy from Plex

While this whole situation was very stressful and frustrating to us, in the end it was resolved by a very friendly and technical detective game to identify and resolve the issue. It is always nice when geeks talk to geeks to resolve issues and get services working again. Thank you to Andy and his team — let’s hope we can avoid an issue like this in the future.

We apologize for the trouble caused by our IP address block and for our services being unavailable for several hours.

EDIT: We should also mention that all of our services are served from one single gateway IP address, so coverartarchive.org and musicbrainz.org have the same IP address.
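
Because every service sits behind one gateway IP, a report keyed on the destination address cannot say which service was being hit; the requested host has to come from the gateway's own logs. As an added illustration (not MetaBrainz or Plex code), the following groups log lines by source subnet and requested host. The four-field log format and all sample lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample lines (not real traffic), assumed format:
#   "<client_ip> <requested_host> <path> <status>"
# The requested host is assumed to be logged at the shared gateway.
SAMPLE_LOG = """\
198.51.100.7 coverartarchive.org /release/aaa/front 307
198.51.100.19 coverartarchive.org /release/bbb/front 307
198.51.100.200 coverartarchive.org /release/ccc/front 404
203.0.113.5 coverartarchive.org /release/ddd/front 307
203.0.113.9 coverartarchive.org /release/eee/front 307
192.0.2.44 musicbrainz.org /ws/2/artist/xyz 200
192.0.2.45 listenbrainz.org /1/user/foo/listens 200
truncated line
"""

def requests_by_subnet_and_host(lines, prefix=24):
    """Count requests per (source subnet, requested host)."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated lines
        try:
            # strict=False masks the host bits, giving the enclosing subnet
            net = ipaddress.ip_network(f"{fields[0]}/{prefix}", strict=False)
        except ValueError:
            continue  # first field was not an IP address
        counts[(str(net), fields[1].lower())] += 1
    return counts

def hosts_hit_by(counts, subnet):
    """Per-host request totals for one source subnet, busiest first."""
    per_host = Counter()
    for (net, host), n in counts.items():
        if net == subnet:
            per_host[host] += n
    return per_host.most_common()

if __name__ == "__main__":
    counts = requests_by_subnet_and_host(SAMPLE_LOG.splitlines())
    for (net, host), n in counts.most_common():
        print(f"{n:4d}  {net:18s} {host}")
```

A breakdown like this, shared alongside the list of blocked subnets, tells the remote operator which hostname their clients were calling rather than only which IP address.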

MusicBrainz Server update, 2021-02-01

This slightly delayed release brings with it more bugfixes, improvements, and React-converted templates than usual. A new data report created by loujin lists disc IDs that are attached to media but not applied to them. Also, the Italian localization of the website – that was available in beta only and is maintained by salorock – reached 100% and is now available for the main website, evviva!

A new release of MusicBrainz Docker is also available that matches this update of MusicBrainz Server. See the release notes for update instructions.

Thanks to loujin for updating data reports about CD releases. Thanks to Alex_, cam1170, CatQuest, chaban, chirlu, culinko, danbloo, flamingspinach, eloise_freya, Freso, ianmcorvidae, jesus2099, kellnerd, Lotheric, loujin, metrickstar, nikki, pmepepnoute, psychoadept, rafwuk, and selflessself for having reported bugs and suggested improvements. Thanks to mfmeulenbelt and salorock for updating translations. And thanks to all others who tested the beta version!

The git tag is v-2021-02-03.1-hotfixes.

Fixed Bug

  • [MBS-4782] – Cover art edits of merged releases display with broken release link and without image
  • [MBS-8028] – Can’t edit series type
  • [MBS-9674] – URLs with IDN domains not considered valid
  • [MBS-10187] – “Merge artists” edit is stuck
  • [MBS-10872] – Fix “colSpan” in “Edit Medium” edits
  • [MBS-10964] – The credited-as name in an artist credit cannot be empty
  • [MBS-11123] – Improve the “Added entities” table in the editor profile
  • [MBS-11289] – Can not add YouTube Music as external link
  • [MBS-11292] – United Nations flag inappropriate icon for worldwide
  • [MBS-11317] – Annotation trimming breaks initial <li> in release editor
  • [MBS-11328] – Regression: Approving an edit redirects to home page
  • [MBS-11332] – Ended recording-of rels in release inline view show “((ended))”
  • [MBS-11333] – Regression: Cover art edits of merged releases display incomplete filename
  • [MBS-11340] – Punctuation and diacritics not allowed in Spotify user URLs
  • [MBS-11353] – Regression: Image type can’t be unset
  • [MBS-11357] – Regression: Unable to link RateYourMusic to release groups (hotfixed)
  • [MBS-11358] – Regression: Alias sort name can’t be left blank (hotfixed)
  • [MBS-11360] – Regression: Can’t add/edit release group alias (hotfixed)
  • [MBS-11362] – Regression: Recent medium title edits look like they changed the tracklist (hotfixed)
  • [MBS-11363] – Regression: Bad request when cancelling a merge (hotfixed)

Improvement

  • [MBS-1459] – Only display links at bottom of artist overview when relevant
  • [MBS-4548] – Allow seeing all uses of an artist credit
  • [MBS-9840] – Add OVERTURE by DOREMUS to the other DBs whitelist
  • [MBS-10830] – Don’t display remove function in sidebar if an entity can’t be removed
  • [MBS-10915] – Add button to remove individual data tracks in presence of Disc ID
  • [MBS-11111] – Mark recordings merged from release merge as having pending edits
  • [MBS-11256] – Auto accept adding track listing to previously unknown medium
  • [MBS-11279] – Make ISWC and ISRC search in otherlookups consistent
  • [MBS-11288] – Drop decoda.com from lyrics whitelist
  • [MBS-11297] – Block adding Wikipedia/Wikidata links to releases
  • [MBS-11310] – Clarify when discid would cause subsecond changes
  • [MBS-11322] – Update Resident Advisor URL cleanup and add validation
  • [MBS-11324] – Trim input in the barcode search field
  • [MBS-11327] – Show CAA icons on release search page
  • [MBS-11336] – Don’t show ended rels in “URLs with deprecated relationships” report
  • [MBS-11344] – Use HTTPS for rateyourmusic URLs and add validation
  • [MBS-11346] – Lower threshold on report for discID with very long durations
  • [MBS-11351] – Sort instrument reports by name before type

New Feature

  • [MBS-11348] – New report for releases with attached discIDs that are not actually applied

React Conversion Task

  • [MBS-10995] – Convert Other Lookups form to React
  • [MBS-10996] – Convert search index to React
  • [MBS-11045] – Convert Edit medium edit to React
  • [MBS-11112] – Convert /main error pages to React
  • [MBS-11168] – Convert alias edit form and edit pages to React
  • [MBS-11277] – Convert Other Lookups results to React

Other Task

  • [MBS-10999] – Make adding ISNIs and IPIs auto-edits for everyone
  • [MBS-11361] – Enable Italian localization for musicbrainz.org (hotfixed)