Security
Fixes GHSA-vwx9-7qcf-gg7f — cross-tenant IDOR on namespace endpoints reachable via API Key and JWT callers, allowing a caller to read, edit, delete or toggle session recording of a namespace they are not scoped to, and to enumerate namespaces across tenants on the list endpoint. Reported by @Edu0x01.
What's Changed
- fix(api): prevent cross-tenant access via API Key and JWT by @gustavosbarreto
Full Changelog: v0.21.5...v0.21.6