FixedJuly 4, 2026
Hardened outbound requests from server handlers
Server-side handlers that make network requests are now protected against server-side request forgery. Outbound URLs are validated, redirects are checked, and connections are pinned to the vetted IP addresses to prevent DNS-rebinding attacks from reaching internal services.