Hi,
We are having issues with Grist. We currently have a development Grist and a production Grist. I also happen to run Grist on my home lab for personal use.
My home lab and our development Grist are constantly having issues. For a while, I was thinking it was our NeuVector security that was causing it, but I can put that in monitor mode where it isn’t blocking anything and the issue continues.
I look at the logs and they show access attempts, but no errors. The document will not load and the only error I do get comes via the webpage.
I have tickets open with SUSE (Rancher and NeuVector) about this and so far they said they aren’t seeing any issues. Space on the NFS file share is not the issue and the files are owned by the Grist users.
I’m not even sure the document is the problem. Sometimes the site itself won’t load even with the base URL. Something is definitely wrong.
This error can be misleading, since Grist assumes it’s something up with the document (that’s why it mentions “document owners” there), but in this case it must be something lower-level and networking related.
Does your browser console show any errors when you see this, either in the “console” tab or the “networking” tab?
How are you running Grist? Is it a Docker container? Is it behind a reverse proxy?
Sorry for the delay, it’s been very busy.
This is the error I’m getting. I get it with multiple browsers.
Specifically the top error; the others below come after a delay (timeout, it seems).
The top one is a Chrome-based browser, the bottom one is a Firefox-based browser.
Next post since I can only paste one image per post.
So, I was checking SUSE NeuVector security platform and it seems there is a secret stored on the filesystem.
nv.grist.dev-grist/D.4.10 WARN - Ensure secrets are not stored in container images - File $EnvVariables contains Credential
nv.grist.dev-grist/D.4.10 WARN - Ensure secrets are not stored in container images - File /grist/node_modules/lazystream/secret contains Private.Key
D.4.8 WARN - Total 5 files have setgid mode
D.4.8 WARN - Total 8 files have setuid mode
What is this lazystream and does anyone know why it would have a private key stored in the container? A container having a static private key being distributed with the container would be a major security issue.
Also to note, the grist:latest container shows multiple CVEs.
Image ID: 2d6cc8ec8f922a0a9de44c32ed2add1f8f28277a26d706c86462d3d3264e89c9
Base OS: debian:12
High Vulnerabilities: CVE-2019-1010022, CVE-2019-1010022, CVE-2025-7458, CVE-2023-45853, CVE-2017-18018...
Medium Vulnerabilities: CVE-2016-2781, CVE-2025-5278, CVE-2024-2379, CVE-2025-10148, CVE-2024-2379...