1. Template Injection Flaw in Email Construction Module Allows Identity Confusion Attacks
A security researcher has identified a template injection vulnerability in the email template construction logic of `atr/construct.py` that could allow committers to inject arbitrary template variables into system-generated emails. The flaw stems from sequential `str.replace()` operations that fail to escape template m...