Patch Changes
-
#14889
4bceeb0Thanks @florian-lefebvre! - Fixes actions types when using specific TypeScript configurations -
#14929
e0f277dThanks @matthewp! - Fixes authentication bypass via double URL encoding in middlewarePrevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g.,
/%2561dmininstead of/%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.