Highlights
Information Disclosure: 1 prior fix. Scrutinize any change in this area.
lib/JWTManager.php: most-fixed (1 issue). Treat as high-risk during review.
0 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Information Disclosure: Inadvertent exposure of the JWT private key in system logs or administrative interfaces can lead to complete authentication bypass if an attacker recovers the key. This risk is mitigated by ensuring the configuration value is explicitly marked as sensitive.