dev

Messages by Date

2026/04/07 Re: [PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs) via GitHub
2026/04/07 Re: [I] Update pre-commit lint to use uv and act on push (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs) via GitHub
2026/04/07 Re: [I] Provide clear instructions for running pre-check locally (tooling-docs) via GitHub
2026/04/07 Re: [I] We could add a `Dependabot` config for `actions` updates (tooling-docs) via GitHub
2026/04/07 Re: [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs) via GitHub
2026/04/07 [I] Make build-bootstrap error (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Unauthenticated /api/tasks/list Endpoint Exposes Internal Error Details (tooling-trusted-releases) via GitHub
2026/04/07 [PR] Bump pygments from 2.18.0 to 2.20.0 (tooling-docs) via GitHub
2026/04/07 [PR] Bump requests from 2.32.5 to 2.33.0 (tooling-docs) via GitHub
2026/04/07 [PR] Bump virtualenv from 20.35.4 to 20.36.1 (tooling-docs) via GitHub
2026/04/07 [PR] Bump urllib3 from 2.5.0 to 2.6.3 (tooling-docs) via GitHub
2026/04/07 [PR] Bump filelock from 3.20.0 to 3.20.3 (tooling-docs) via GitHub
2026/04/07 Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Admin Pages Using template.blank() May Lack Logout Button (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] ALLOW_TESTS Flag Enables Complete Authentication Bypass in Production Worker (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] API JWT Creation Endpoint Missing Cache-Control Header (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Admin Pages Using template.blank() May Lack Logout Button (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Optional Safe-Type URL Parameters Bypass Validation (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Form Hidden Field Validated Against Wrong Source (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] SSH Authentication Success Not Logged (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Make server startup more efficient (tooling-trusted-releases) via GitHub
2026/04/07 Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No Application-Level HTTPS Enforcement for API Endpoints (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No Application-Level HTTPS Enforcement for API Endpoints (tooling-trusted-releases) via GitHub
2026/04/06 Re: [PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No Cleanup or Aggregate Limit for Upload Staging Directories (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Staging Token Lacks Session Management Properties (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No Cleanup or Aggregate Limit for Upload Staging Directories (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Session Not Validated Against Project/Version Context (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No File Size Limit on Web Upload Staging Endpoint (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Staging Endpoint Ignores Authentication Context (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Staging Token Lacks Session Management Properties (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No File Size Limit on Web Upload Staging Endpoint (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Session Not Validated Against Project/Version Context (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Upload Staging Endpoint Ignores Authentication Context (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (tooling-trusted-releases) via GitHub
2026/04/06 [PR] Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (tooling-trusted-releases) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (tooling-actions) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (tooling-actions) via GitHub
2026/04/06 Re: [PR] Bump actions/cache from 4.2.0 to 5.0.4 (tooling-actions) via GitHub
2026/04/06 [PR] Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (tooling-actions) via GitHub
2026/04/06 Re: [PR] Bump actions/upload-artifact from 6.0.0 to 7.0.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 6.4.3 to 8.0.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [PR] Bump actions/cache from 5.0.3 to 5.0.4 (tooling-releases-client) via GitHub
2026/04/06 Re: [I] No Application-Level HTTPS Enforcement for API Endpoints (tooling-trusted-releases) via GitHub
2026/04/06 Re: [PR] Bump pygments from 2.19.2 to 2.20.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [PR] Bump pygments from 2.19.2 to 2.20.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [I] HTTP TRACE Method Not Disabled at Apache Reverse Proxy (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] HTTP TRACE Method Not Disabled at Apache Reverse Proxy (tooling-trusted-releases) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 6.4.3 to 7.6.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [PR] Bump astral-sh/setup-uv from 6.4.3 to 7.6.0 (tooling-releases-client) via GitHub
2026/04/06 [PR] Bump astral-sh/setup-uv from 6.4.3 to 8.0.0 (tooling-releases-client) via GitHub
2026/04/06 Re: [I] Admin User Impersonation Has No Audit Trail (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Automatically delete unfinished releases (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Automatically delete unfinished releases (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Make server startup more efficient (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Make server startup more efficient (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Automatically delete unfinished releases (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Use read only permissions for attestation data once written (tooling-trusted-releases) via GitHub
2026/04/06 Re: [I] Use read only permissions for attestation data once written (tooling-trusted-releases) via GitHub
2026/04/06 [I] Make server startup more efficient (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] HTTP TRACE Method Not Disabled at Apache Reverse Proxy (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] HTTP TRACE Method Not Disabled at Apache Reverse Proxy (tooling-trusted-releases) via GitHub
2026/04/05 [I] Document vhost configuration (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] Require two approvals for important actions (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] No Explicit Directory Listing Prevention on Docroot (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] No Explicit Directory Listing Prevention on Docroot (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] Neither Vhost Sanitizes X-Forwarded-Host (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] Neither Vhost Sanitizes X-Forwarded-Host (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/05 Re: [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Expired Personal Access Tokens Not Automatically Purged (tooling-trusted-releases) via GitHub
2026/04/03 [I] Principal Authorization Cache Lacks Purge for Inactive Users (tooling-trusted-releases) via GitHub
2026/04/03 [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases) via GitHub
2026/04/03 [I] HTTP TRACE Method Not Disabled at Apache Reverse Proxy (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Comprehensive Endpoint-to-Authorization Mapping (tooling-trusted-releases) via GitHub
2026/04/03 [I] Client-Side JWT Display TypeScript Not Available for Complete Audit (tooling-trusted-releases) via GitHub
2026/04/03 [I] Database Connection URL Logged at Startup (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Release Vote Logic Validation Always Passes Due to Catch-All Pattern (tooling-trusted-releases) via GitHub
2026/04/03 [I] Expired Personal Access Tokens Not Automatically Purged (tooling-trusted-releases) via GitHub
2026/04/03 [I] `nbf` Claim Not Enforced as Required in ATR JWT Verification (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unverified JWT Subject Claim Used for Logging Before Signature Verification (tooling-trusted-releases) via GitHub
2026/04/03 [I] Pre-Release (Release Candidate) Dependency Used in Production (tooling-trusted-releases) via GitHub
2026/04/03 [I] General Library Update Timeframe Is Enforced but Undocumented as Policy (tooling-trusted-releases) via GitHub
2026/04/03 [I] No WebSocket Origin Validation Framework Exists (tooling-trusted-releases) via GitHub
2026/04/03 [I] Client-Side JWT Display TypeScript Not Available for Complete Audit (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT Audience Values Contain 'test' Identifier (tooling-trusted-releases) via GitHub
2026/04/03 [I] innerHTML Read Used Where textContent Is Appropriate (tooling-trusted-releases) via GitHub
2026/04/03 [I] API Error Responses Leak Internal Error Details (tooling-trusted-releases) via GitHub
2026/04/03 [I] Web-Issued JWTs Lack PAT Binding and Cannot Be Individually Revoked (tooling-trusted-releases) via GitHub
2026/04/03 [I] Vote Casting POST Endpoint Relies on Indirect Phase Check (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases) via GitHub
2026/04/03 [I] Inconsistent CSRF Enforcement Pattern on Admin POST Endpoints (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT DOM Auto-Clear Lacks Page Lifecycle Event Handlers (tooling-trusted-releases) via GitHub
2026/04/03 [I] Project Deletion Missing Additional Authorization Checks (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Explicit Directory Listing Prevention on Docroot (tooling-trusted-releases) via GitHub
2026/04/03 [I] Documentation Missing Cross-Entity Business Logic Validation Rules (tooling-trusted-releases) via GitHub
2026/04/03 [I] API Models Lack Enum Validation for Phase Parameter (tooling-trusted-releases) via GitHub
2026/04/03 [I] Neither Vhost Sanitizes X-Forwarded-Host (tooling-trusted-releases) via GitHub
2026/04/03 [I] Documentation Does Not Describe Failed Authentication Monitoring and Alerting (tooling-trusted-releases) via GitHub
2026/04/03 [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/03 [I] Debug print() Bypasses Structured Logging (tooling-trusted-releases) via GitHub
2026/04/03 [I] Missing .dockerignore for Build Context Optimization (tooling-trusted-releases) via GitHub
2026/04/03 [I] Vote Tabulation Authorization Check Commented Out (tooling-trusted-releases) via GitHub
2026/04/03 [I] PAT Validation Exceptions Return HTTP 500 Instead of 401 (tooling-trusted-releases) via GitHub
2026/04/03 [I] No "Revoke All Tokens for ALL Users" Global Capability (tooling-trusted-releases) via GitHub
2026/04/03 [I] SSH Authentication Success Not Logged (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT TTL Documentation Inconsistency (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Session Cookies Signed But Not Encrypted — Documentation Claims Encryption (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] General Library Update Timeframe Is Enforced but Undocumented as Policy (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Client-Side JWT Display TypeScript Not Available for Complete Audit (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] No Explicit Directory Listing Prevention on Docroot (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Debug print() Bypasses Structured Logging (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] User Identity Data Sent to External GitHub API (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] JWT Claims Including User Identity Logged at DEBUG Level (tooling-trusted-releases) via GitHub
2026/04/03 [I] Internal Documentation Publicly Exposed (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Admin Debug Test Route /admin/raise-error Available in Production (tooling-trusted-releases) via GitHub
2026/04/03 [I] GET Blueprint Lacks Centralized Project-Level Authorization (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Database Connection URL Logged at Startup (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Documentation-Code TTL Discrepancy (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Vote Resolution Phase Transitions Lack Optimistic Locking (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Asymmetric Authorization Enforcement Between Read and Write Paths (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] JWT Audience Values Contain 'test' Identifier (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Unverified JWT Subject Claim Used for Logging Before Signature Verification (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Release Vote Logic Validation Always Passes Due to Catch-All Pattern (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] PAT Validation Exceptions Return HTTP 500 Instead of 401 (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] No Comprehensive Endpoint-to-Authorization Mapping (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Defense-in-Depth — Missing AllowOverride None in Apache Downloads Directory (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] No "Revoke All Tokens for ALL Users" Global Capability (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] KEYS File Web Upload Lacks Extension Validation (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] HSTS Not Applied at Application Level (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] Text Response Classes Rely on Implicit Charset from Werkzeug (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] ShellResponse Serves Executable Content Without Content-Disposition: attachment (tooling-trusted-releases) via GitHub
2026/04/03 Re: [I] ZipResponse Does Not Enforce Content-Disposition: attachment (tooling-trusted-releases) via GitHub
2026/04/03 [I] Server Does Not Enforce Cipher Suite Preference Order (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT Claims Including User Identity Logged at DEBUG Level (tooling-trusted-releases) via GitHub
2026/04/03 [I] ZIP Download Streaming Without Size or Time Guards (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Documented Risk-Based Remediation Timeframes for Vulnerable Components (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unbounded Distribution Status Check Loop (tooling-trusted-releases) via GitHub
2026/04/03 [I] Syft Installed via Unverified Remote Script Execution (tooling-trusted-releases) via GitHub
2026/04/03 [I] Admin Debug Test Route /admin/raise-error Available in Production (tooling-trusted-releases) via GitHub
2026/04/03 [I] ZipResponse Does Not Enforce Content-Disposition: attachment (tooling-trusted-releases) via GitHub
2026/04/03 [I] OSV Vulnerability Scanning Has No HTTP Timeout (tooling-trusted-releases) via GitHub
2026/04/03 [I] Thread Message Fetching Without Timeout or Concurrency Limit (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Documented Update Timeframe for npm/Frontend Dependencies (tooling-trusted-releases) via GitHub
2026/04/03 [I] ShellResponse Serves Executable Content Without Content-Disposition: attachment (tooling-trusted-releases) via GitHub
2026/04/03 [I] Full Email Content Logged at INFO Level (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unauthenticated /api/tasks/list Endpoint Exposes Internal Error Details (tooling-trusted-releases) via GitHub
2026/04/03 [I] PAT Validation Exceptions Return HTTP 500 Instead of 401 (tooling-trusted-releases) via GitHub
2026/04/03 [I] API Models Accept Client-Submitted Identity Alongside JWT (tooling-trusted-releases) via GitHub
2026/04/03 [I] Admin Pages Using web.ElementResponse() May Lack Logout Button (tooling-trusted-releases) via GitHub
2026/04/03 [I] No "Revoke All Tokens for ALL Users" Global Capability (tooling-trusted-releases) via GitHub
2026/04/03 [I] WorkflowSSHKey Entries Not Purged After Expiration (tooling-trusted-releases) via GitHub
2026/04/03 [I] Inconsistent Defense-in-Depth in Distribution Endpoints (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unvalidated Identity Parameter in Email and Vote Operations (tooling-trusted-releases) via GitHub
2026/04/03 [I] Vote Duration Not Validated Against Release Policy Minimum (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unbounded PGP Key Block Processing in Bulk Operations (tooling-trusted-releases) via GitHub
2026/04/03 [I] Public API Endpoints Expose Internal Implementation Fields (tooling-trusted-releases) via GitHub
2026/04/03 [I] Session Cache Persists Sensitive Data Indefinitely Without TTL (tooling-trusted-releases) via GitHub
2026/04/03 [I] Swagger UI and OpenAPI Specification Publicly Accessible (tooling-trusted-releases) via GitHub
2026/04/03 [I] Authorization Code Not URL-Encoded in Token Exchange Request (tooling-trusted-releases) via GitHub
2026/04/03 [I] User Identity Data Sent to External GitHub API (tooling-trusted-releases) via GitHub
2026/04/03 [I] PAT Creation Not Audit-Logged (Inconsistency) (tooling-trusted-releases) via GitHub
2026/04/03 [I] General Library Update Timeframe Is Enforced but Undocumented as Policy (tooling-trusted-releases) via GitHub
2026/04/03 [I] Storage Layer Bypassed for Revision Tag Modification (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unverifiable Session Cookie Write in atr.util (tooling-trusted-releases) via GitHub
2026/04/03 [I] Text Response Classes Rely on Implicit Charset from Werkzeug (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT Audience Values Contain 'test' Identifier (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Formal SBOM for ATR's Own Third-Party Dependencies (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unbounded Response Sizes on Multiple List Endpoints (tooling-trusted-releases) via GitHub
2026/04/03 [I] Admin Pages Using template.blank() May Lack Logout Button (tooling-trusted-releases) via GitHub
2026/04/03 [I] No Update Timeframe or Monitoring for Dockerfile-Installed External Tools (tooling-trusted-releases) via GitHub
2026/04/03 [I] Documentation-Code TTL Discrepancy (tooling-trusted-releases) via GitHub
2026/04/03 [I] Session Cookies Signed But Not Encrypted — Documentation Claims Encryption (tooling-trusted-releases) via GitHub
2026/04/03 [I] Session Cookie Contains PII and Authorization Data in Readable (Signed-But-Not-Encrypted) Format (tooling-trusted-releases) via GitHub
2026/04/03 [I] Unverified JWT Subject Claim Used for Logging Before Signature Verification (tooling-trusted-releases) via GitHub
2026/04/03 [I] Asymmetric Authorization Enforcement Between Read and Write Paths (tooling-trusted-releases) via GitHub
2026/04/03 [I] Defense-in-Depth — Missing AllowOverride None in Apache Downloads Directory (tooling-trusted-releases) via GitHub
2026/04/03 [I] KEYS File Web Upload Lacks Extension Validation (tooling-trusted-releases) via GitHub
2026/04/03 [I] Expired Personal Access Tokens Not Automatically Purged (tooling-trusted-releases) via GitHub
2026/04/03 [I] JWT TTL Documentation Discrepancy (30 Minutes Actual vs 90 Minutes Documented) (tooling-trusted-releases) via GitHub
2026/04/03 [I] HSTS Not Applied at Application Level (tooling-trusted-releases) via GitHub