John Doe
|
55aa319197
|
Critical security remediation: EventMesh, Gateway, BFT consensus fixes
- A1: Fixed EventMesh null reference crash at startup
  - Proper client initialization sequence
  - Added try/catch with cleanup on failure
- A2: Fixed Gateway authentication bypass vulnerability
  - Token validation now required for WebSocket connections
  - Auth enabled by default in production
- A3: Fixed JSON.parse unhandled exception
  - Malformed JSON no longer crashes gateway
  - Proper error logging and response
- A4: Fixed BFT consensus blocking loops
  - Replaced busy-wait with event-driven Promise pattern
  - Made BFTConsensus extend EventEmitter
- Added swarm memories migration (003_add_swarm_memories.sql)
- Added REMEDIATION_LOG.md documenting all changes

See audit/SUBREPO_REVIEW_2026-04-04.md for full details
|
2026-04-04 18:50:31 -04:00 |
|