double-charge bug (ENG-1421)
… re-apply INFO-6/LOW-12/LOW-16/LOW-17
fix(sec): add body-size limits on unauthenticated public endpoints
…ormational feat(security): MEM-23 Phase 5 Informational.
fix(sec): HIGH-12 — block open redirect on guest sign-in redirectUrl
…ning fix analyze amplification
…(MED-3, MED-6, MED-13)
- MED-3: Cap recall and recall_manual limit at 100 (was unbounded) prevents full-table scan with limit=999999
- MED-6: Replace join_all() with buffer_unordered(10) in restore handler preventing OOM when restoring large namespaces with many blobs
- MED-13: Cap sidecar decrypt-batch items at 50 (was unbounded) prevents memory exhaustion via large batch payloads
…urrency-resource-bounds fix(security): MEM-17 cap recall limit and bound restore concurrency
…et-private-keys-transmitted-per-request-to Fix MEM-7: Transmit key_index instead of private_key
…s (MED-1, MED-2)
- MED-1: Add x-nonce header (UUID v4) to signed message on SDK side;
server checks Redis SET NX (TTL=600s) to reject replayed nonces;
signed message format updated: {ts}.{method}.{path}.{sha256}.{nonce}
- MED-2: Check MemWalAccount.active field in verify_delegate_key_onchain();
deactivated accounts now return AccountDeactivated error (401),
default=true for backward compat with pre-fix contract versions
- Add AccountDeactivated variant to OnchainVerifyError enum
- Add 4 unit tests for error variants
…ection-block-deactivated fix(security): MEM-16 replay protection and block deactivated accounts
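The MED-1 replay check described in the commit message above, sketched as an added example that is not code from this pull request. It assumes an in-memory map standing in for Redis `SET NX` with the 600 s TTL, a 300 s timestamp window, and a constructed path and nonce; signature verification itself is out of scope and assumed to have passed before `check_replay` is called.

```rust
use std::collections::HashMap;

const NONCE_TTL_SECS: u64 = 600; // TTL quoted in the MED-1 commit message
// Assumed timestamp window. It must stay <= NONCE_TTL_SECS, otherwise a nonce
// can expire from the store while its timestamp is still accepted.
const MAX_SKEW_SECS: u64 = 300;

#[derive(Debug, PartialEq)]
enum ReplayError { StaleTimestamp, MalformedNonce, Replayed }

/// In-memory stand-in (assumption) for Redis `SET nonce 1 NX EX 600`.
struct NonceStore { expiry: HashMap<String, u64> }

impl NonceStore {
    fn new() -> Self { NonceStore { expiry: HashMap::new() } }
    /// True only for the first caller to claim `nonce` within its TTL.
    fn set_nx(&mut self, nonce: &str, now: u64) -> bool {
        self.expiry.retain(|_, exp| *exp > now); // emulate key expiry
        if self.expiry.contains_key(nonce) { return false; }
        self.expiry.insert(nonce.to_string(), now + NONCE_TTL_SECS);
        true
    }
}

/// Canonical string both sides sign: {ts}.{method}.{path}.{sha256}.{nonce}
fn signed_message(ts: u64, method: &str, path: &str, body_sha256: &str, nonce: &str) -> String {
    format!("{}.{}.{}.{}.{}", ts, method, path, body_sha256, nonce)
}

fn is_uuid_v4(s: &str) -> bool {
    let b = s.as_bytes();
    b.len() == 36 && b.iter().enumerate().all(|(i, c)| match i {
        8 | 13 | 18 | 23 => *c == b'-',
        14 => *c == b'4', // version nibble
        19 => matches!(c.to_ascii_lowercase(), b'8' | b'9' | b'a' | b'b'), // variant
        _ => c.is_ascii_hexdigit(),
    })
}

/// Run after the signature over `signed_message` has verified.
fn check_replay(store: &mut NonceStore, ts: u64, nonce: &str, now: u64) -> Result<(), ReplayError> {
    if now.abs_diff(ts) > MAX_SKEW_SECS { return Err(ReplayError::StaleTimestamp); }
    if !is_uuid_v4(nonce) { return Err(ReplayError::MalformedNonce); }
    if !store.set_nx(nonce, now) { return Err(ReplayError::Replayed); }
    Ok(())
}

fn main() {
    let mut store = NonceStore::new();
    let nonce = "3f2b8c1e-9a4d-4e6f-8b2a-1c5d7e9f0a3b"; // constructed sample
    println!("{}", signed_message(1000, "POST", "/recall", "<sha256-hex>", nonce));
    println!("{:?}", check_replay(&mut store, 1000, nonce, 1010)); // first use
    println!("{:?}", check_replay(&mut store, 1000, nonce, 1020)); // replay
}
```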
…, MED-20, MED-21)
- MED-19: replace fail-open (silent allow) with fail-closed (503) on Redis error in all 3 layers (delegate-key, burst, sustained); add pipe().atomic() in record_in_window
- MED-20: normalize trailing slash in endpoint_weight() to prevent cost bypass
- MED-21: add pg_advisory_lock per-owner in check_storage_quota() to prevent TOCTOU race where concurrent requests could exceed storage quota
- Add 7 unit tests (path normalization, hash stability, response codes)
…ng-hardening fix(security): MEM-18 rate limiter fail-closed on Redis error
…ervers feat: enable SEAL key-server verification across all SealClient insta…
validation, CORS lockdown on /sponsor
fix(sec): rate limiting + input validation on /sponsor endpoints (MEM-HIGH-4)
…ration-fix fix(security): HIGH-11 remove user_exists status to prevent account e…
…ty-fixes fix(sec): Phase 3 P2 — resolve 20 low-severity & info audit findings
…alThreshold config (MED-10)
fix(sec): remove x-delegate-key from wire (ENG-1696 + ENG-1697)
Sec/security fix
daniellam258
approved these changes
Apr 30, 2026
daniellam258
approved these changes
Apr 30, 2026
fix: remove broken npm upgrade step for OIDC trusted publishing
This reverts commit 69c8c0a.
Fix SDK trusted publishing workflow
staging <- dev