Patch Changes
-
#14772
00c579aThanks @matthewp! - Improves the security of Server Islands slots by encrypting them before transmission to the browser, matching the security model used for props. This improves the integrity of slot content and prevents injection attacks, even when component templates don't explicitly support slots.Slots continue to work as expected for normal usage—this change has no breaking changes for legitimate requests.
-
#14771
6f80081Thanks @matthewp! - Fix middleware pathname matching by normalizing URL-encoded pathsMiddleware now receives normalized pathname values, ensuring that encoded paths like
/%61dminare properly decoded to/adminbefore middleware checks. This prevents potential security issues where middleware checks might be bypassed through URL encoding.