Freshbits โ hardening + cleanup wave
Security
- #21203 6ac8975 Security/Gateway: harden Control UI static path containment- 7c500ff fix(security): harden control-ui static path resolution
- 71bd15b fix(ssrf): block special-use ipv4 ranges
- 73d93de fix: enforce inbound media max-bytes during remote fetch
- b34097f fix(security): enforce msteams redirect allowlist checks
- 8942ac0 fix(security): fail closed on unauthenticated discovery routing
macOS
- 617e38c Security/macos: enforce wss for non-loopback direct gateway- 90a378c fix(macos): block quoted shell substitution in allowlist checks
- dd41fad fix(macos): enforce path-only exec allowlist patterns
- 2028ca4 fix(macos): unify exec allowlist validation pipeline
