This update includes important security fixes.
- Added canonical FourEye signing JSON on Keeper and SDK sides.
- Sorted JSON object fields recursively for signing while preserving array order.
- Aligned FourEye approval hashes for sign, generate, decrypt, and key destroy flows.
- Fixed SDK & server signing parity for nested policy and command objects.
- Changed FourEye approver keys to ordered list semantics and kept duplicate-key rejection.
- Fixed JWT `exp` validation, added `nbf` validation with configurable `clock-skew` and added optional JWT issuer binding via `auth.jwt.issuer`.
- Hardened internal auth query canonicalization against duplicate decoded query keys.
- Rejected query signing transcript separators in query keys and values.
- Fixed SSL trust context factory binding to internal clients.
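
The canonical signing JSON items above (recursive field sorting, preserved array order, duplicate-key rejection) can be illustrated with the following added example, which is not the project's own code. The SHA-256 hash, the function names and the field names in the sample payloads are assumptions made for illustration.

```python
import hashlib
import json


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key (ambiguous to sign)."""


def _reject_duplicates(pairs):
    # object_pairs_hook sees every key/value pair, including repeats that
    # a plain dict would silently collapse to "last one wins".
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def canonical_bytes(value):
    # sort_keys orders object fields at every nesting level; list order is
    # left untouched. Compact separators remove whitespace differences.
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def approval_hash(raw_json):
    """Parse strictly, canonicalize, then hash the bytes to be signed."""
    parsed = json.loads(raw_json, object_pairs_hook=_reject_duplicates)
    return hashlib.sha256(canonical_bytes(parsed)).hexdigest()  # assumed hash


# Constructed samples: one request as two producers might serialize it,
# one with approvers reordered, one with a repeated key.
SDK_SIDE = '{"command":{"op":"sign","keyId":"k1"},"approvers":["alice","bob"]}'
SERVER_SIDE = '{ "approvers": ["alice","bob"], "command": {"keyId":"k1","op":"sign"} }'
REORDERED = '{"command":{"op":"sign","keyId":"k1"},"approvers":["bob","alice"]}'
DUPLICATE = '{"command":{"op":"sign","op":"destroy","keyId":"k1"},"approvers":[]}'

if __name__ == "__main__":
    print("field order ignored:", approval_hash(SDK_SIDE) == approval_hash(SERVER_SIDE))
    print("array order kept:   ", approval_hash(SDK_SIDE) != approval_hash(REORDERED))
```

Python sorts keys by Unicode code point; an implementation in another language must use the same ordering and number formatting on both sides or the hashes will diverge.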