Freshbits โ€” security tightening & gateway polish


Security / Auth

- #20684 40a2926 fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP
- #20703 914a7c5 fix: Device Token Scope Escalation via Rotate Endpoint
- #20097 9c52497 fix(gateway): trusted-proxy auth rejected when bind=loopback

Gateway

- #12060 618b36f fix(gateway): return 404 for missing static assets instead of SPA fallback
- #13855 c8ee33c fix(gateway): include export name in hook transform cache key
- #19699 868fe48 fix(gateway): allow health method for all authenticated roles

Tests

- #22045 fe32150 test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy

Stats: +381 / -40 (files changed: 18)
Was this page helpful?