fix(token-vault): replace substring URL matching with strict equality

Fixes a security vulnerability where evaluateUrlForInterception used .includes() for URL matching, allowing allow-list bypass via query parameter injection (e.g. https://evil.com?https://valid.com).

Replaces .includes() with === for exact string comparison. Blob URLs now require explicit wildcard patterns (blob:https://origin/*).

Also removes @forgerock/token-vault from changeset ignore list to enable re-release.
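The difference the commit message describes, as an added example that is not part of the commit or the token-vault source. The function names, allow-list and sample URLs are constructed, and the handling of the trailing `/*` on blob entries is an assumed reading of the pattern the message gives.

```javascript
// Added illustration; function names are hypothetical, not token-vault's API.
const ALLOW_LIST = ['https://valid.com', 'blob:https://valid.com/*']; // constructed

// Before the fix: substring match. A URL that merely contains an
// allow-listed string anywhere (for example in its query) is accepted.
function matchesBySubstring(requestUrl, allowList) {
  return allowList.some((entry) => requestUrl.includes(entry));
}

// After the fix: exact string comparison. Assumption: a blob: entry ending
// in "/*" matches any blob URL under exactly that origin.
function matchesStrictly(requestUrl, allowList) {
  return allowList.some((entry) => {
    if (entry.startsWith('blob:') && entry.endsWith('/*')) {
      const prefix = entry.slice(0, -1); // "blob:https://valid.com/"
      return requestUrl.startsWith(prefix) && requestUrl.length > prefix.length;
    }
    return requestUrl === entry;
  });
}

// Constructed sample request URLs.
const SAMPLES = [
  'https://valid.com',                         // listed verbatim
  'https://evil.com?https://valid.com',        // the bypass from the commit message
  'https://valid.com/other',                   // same origin, different path
  'blob:https://valid.com/constructed-id',     // covered by the blob wildcard
  'blob:https://other.example/constructed-id', // blob under an unlisted origin
];

// Run both matchers over the same inputs so the verdicts can be compared.
function compare(urls, allowList) {
  return urls.map((url) => ({
    url,
    substring: matchesBySubstring(url, allowList),
    strict: matchesStrictly(url, allowList),
  }));
}

console.table(compare(SAMPLES, ALLOW_LIST));
```

In this sketch, exact comparison also rejects `https://valid.com/other`, so an allow-list written with substring matching in mind has to be reviewed and each full URL listed.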
nx-cloud record -- nx format:check --verbose
Succeeded
CI Pipeline Execution
Linux
4 CPU cores
8c89b7c9
580