1. GitHub Security Fix: CookieSessionAuthMiddleware Bug Allowed Empty User IDs as Authenticated
A critical security flaw in a widely used authentication middleware has been patched. The vulnerability, tracked in GitHub issue #3410, stemmed from the `CookieSessionAuthMiddleware` incorrectly treating sessions with an empty or missing `user_id` field as fully authenticated users. This bug effectively allowed corrupt...