You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: security hardening and launch docs for chat-sdk-python
Security fixes:
- Teams: reject webhooks when app_id is empty instead of silently
skipping JWT verification (was a complete auth bypass)
- Teams: add issuer validation to JWT decode (require
https://api.botframework.com)
- Teams: validate service_url against SSRF allow-list in open_dm
and _cache_user_context before storing/using untrusted URLs
Performance:
- Slack: cache AsyncWebClient instances by token instead of creating
a new client on every request
Docs:
- README: add "Why chat-sdk?" and "Compared to Alternatives" sections,
update version to 0.0.1a3
- Add CONTRIBUTING.md with dev setup, testing, and PR guidelines
- Add CHANGELOG.md for initial alpha release
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
0 commit comments