Strengthened access controls and authentication across the platform
Tightened authentication and authorization across several areas of the platform to prevent unauthorized access to organization data, notifications, and shared content.
Shared project links now include rate limiting on token validation, reducing exposure to automated guessing attempts. Organization settings and notification preferences are now verified against your actual membership before any data is returned — passing an arbitrary organization identifier no longer grants read access. A domain-matching shortcut in the permission layer that could allow one account to inherit another's access has been removed. Background job endpoints now require a valid secret to be configured before they will run. Administrative organization switching now produces an audit log entry on every use.
No action is needed on your end. Existing share links, notification settings, and organization access work as before for users and administrators with the correct permissions.