1. Critical Authentication Bypass Fixed in Legacy Classify Endpoint: Supabase Session Vulnerability Exposed User Data
A critical authentication bypass vulnerability was discovered and patched in a legacy API endpoint, exposing a dangerous misconfiguration in Supabase authentication handling. The `POST /api/classify` endpoint was using `supabase.auth.getSession()` instead of the secure `supabase.auth.getUser()` method, creating a docum...