Security fix
A specially crafted payload sent to the map-storage PATCH endpoint could cause the map-storage container to crash. The attacks need valid credentials to the map-storage server (which can be common for SAAS or WorkAdventure instances controlled via an AdminAPI. Congrats to https://positive.security/ on their responsible disclosure.
Bug fixes
- Backporting to hotfix: Switching Screenshare to AV1 encoding by @moufmouf in #6319
- fix(map-storage): release S3 sockets on client disconnect to prevent agent pool exhaustion by @moufmouf in #6325
Full Changelog: v1.32.6...v1.32.7