Fixed
- Fixes a bug where
fs.Chmodwould change the symlink target possibly allowing a malicious user to modify files outside their home directory. - Improved error handling when downloading files to not log as a 500-level error, preferring a 400-level response.
- Fixes JWT verification logic to confirm that the token has the required scopes for the target subsystem.