v2.0.9 — Security & performance
A security-hardening and performance release. No breaking changes; existing deployments update in place.
Security
- SSRF guards on every server-side fetch of an operator-supplied URL — outbound webhooks and credential "test connection" probes now refuse private/loopback/metadata targets (opt back in for trusted LAN hosts). (#277–#279)
- Intelligence service token — the AI
/v1API now requires a sharedINTEL_SERVICE_TOKEN(generated per install), closing the one tenant-data path that sat outside Postgres RLS. (#280) - Rate-limit resilience — the gateway limiter degrades gracefully instead of 500-ing the API when Redis is briefly down. (#281)
- Kubernetes NetworkPolicy (opt-in) restricting the AI plane to web + workers, and pinned floating sidecar image tags. (#282)
- Dependency advisories patched: protobufjs, js-yaml, cryptography, starlette. (#276)
Performance
- Opt-in PgBouncer transaction pooling for the RLS app connection — verified safe (the tenant id is transaction-local). (#283, ADR-0022)
- Shared write-key cache on the ingest hot path. (#284, ADR-0023)
Full write-up: docs/security/audit-2.0.9.md.