← Back to Clusters

Security Enhancements and Fixes

This cluster focuses on improving security measures and addressing related fixes within the framework.

21 PRs
security security auth voice-call Representative: #23355
# Title Author Created GitHub
7654 feat(security): zero-trust localhost auth with DNS rebinding protection joncode 2026-02-03 View
10239 Security: Add production guard for skipSignatureVerification StreetJammer 2026-02-06 View
11740 fix(gateway): remove IP-based canvas auth fallback coygeek 2026-02-08 View
12434 Add K8s support with SA Trust architecture NTurakulov 2026-02-09 View
19487 fix(voice-call): add .ngrok-free.dev to ngrok free tier domain check kalichkin 2026-02-17 View
19515 security: add per-connection WebSocket rate limiting Mozzzaic 2026-02-17 View
19887 fix: allow node role to call health RPC apple-techie 2026-02-18 View
21101 Security/Voice Call: gate skipSignatureVerification to local-dev or explicit ... bmendonca3 2026-02-19 View
21102 Android/Security: require TLS for non-loopback gateway sessions bmendonca3 2026-02-19 View
21103 Android/Security: exclude device identity from backups bmendonca3 2026-02-19 View
21128 Security/Voice Call: require trusted proxy IPs for forwarded-header trust bmendonca3 2026-02-19 View
21197 Security/Voice Call: enforce exact webhook path matching bmendonca3 2026-02-19 View
21288 Security/Voice: reject malformed Host headers in webhook+WS server bmendonca3 2026-02-19 View
21529 Gateway: allow node health and throttle repeated unauthorized role retries doomsday616 2026-02-20 View
22112 fix(doctor): warn when gateway is network-exposed without TLS pierreeurope 2026-02-20 View
22227 fix(security): harden gateway auth — audit logging, pairing, mode validation novalis133 2026-02-20 View
23355 Gateway: fail closed on untrusted proxy headers rep bmendonca3 2026-02-22 View
23425 Gateway: require trusted-proxy allowlist unless allowAll is explicit bmendonca3 2026-02-22 View
23714 Gateway: add websocket ingress limits for DoS hardening bmendonca3 2026-02-22 View
23735 Gateway: add first-class wss validation and remote TLS guidance bmendonca3 2026-02-22 View
23742 Gateway: add optional mTLS client-cert enforcement for non-loopback TLS bmendonca3 2026-02-22 View