2026.03-security-1
- Security
Security fix: ingest endpoint rejected malformed JWTs with the wrong error class.
A malformed JWT submitted to the ingest endpoint was returning
500 Internal Server Error instead of 401 Unauthorized. No tenant data
was exposed — the token still failed to validate and no downstream
processing ran — but the response class was incorrect, and the timing
difference between the two paths could in principle have been used as a
weak oracle to distinguish a live tenant ingest endpoint from a
non-existent one.
The ingest handler now returns 401 Unauthorized with a generic body for
every malformed, expired, or unknown-key token. Response timing is now
independent of which validation step failed.
The fix is live in all regions. Internal advisory ID: GS-ADV-2026-001.
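As an added illustration (not the project's code) of the fix described above: a minimal HS256 validator in the assumed "before" shape, where parsing exceptions escape to the web framework as 500s, beside the hardened shape that collapses every failure into one generic 401 and always performs the same HMAC work regardless of which step failed. The key store, dummy key, token-minting helper and tokens are constructed for the demo.

```python
import base64, hashlib, hmac, json
KEYS = {"k1": b"constructed-demo-secret"}       # constructed demo key store (not the project's)
DUMMY_KEY = b"dummy-key-for-uniform-work"       # used so the HMAC is computed even when lookup fails
GENERIC_401 = (401, {"error": "unauthorized"})

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def mint(kid: str, key: bytes, payload: dict) -> str:
    """Build an HS256 JWT for the demo (constructed helper, not the project's)."""
    head = _b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def handle_before(token: str, now: float) -> tuple:
    """Assumed 'before' shape: parse errors escape as exceptions, which the web
    framework maps to 500, while a bad signature or expiry returns 401."""
    try:
        head, body, sig = token.split(".")          # ValueError on a malformed token
        header = json.loads(_unb64url(head))        # binascii.Error / JSONDecodeError
        key = KEYS[header["kid"]]                   # KeyError on an unknown kid
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return GENERIC_401
        if json.loads(_unb64url(body)).get("exp", 0) <= now:
            return GENERIC_401
        return (200, "accepted")
    except Exception:                               # framework default: unhandled -> 500
        return (500, {"error": "internal server error"})

def handle_after(token: str, now: float) -> tuple:
    """Hardened shape: every failure collapses into the same generic 401, and the
    HMAC is always computed so the work done does not depend on which step failed."""
    ok, parts = True, token.split(".")
    if len(parts) != 3:
        ok, parts = False, ["", "", ""]
    head, body, sig_b64 = parts
    try:
        header, payload, sig = json.loads(_unb64url(head)), json.loads(_unb64url(body)), _unb64url(sig_b64)
    except ValueError:                              # binascii.Error and JSONDecodeError are ValueErrors
        ok, header, payload, sig = False, {}, {}, b""
    kid = header.get("kid") if isinstance(header, dict) else None
    key = KEYS.get(kid, DUMMY_KEY) if isinstance(kid, str) else DUMMY_KEY
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, sig) and key is not DUMMY_KEY and ok
    exp = payload.get("exp") if isinstance(payload, dict) else None
    ok = isinstance(exp, (int, float)) and exp > now and ok
    return (200, "accepted") if ok else GENERIC_401
```

Each check in `handle_after` is evaluated before being combined with `ok`, so a token that fails at parsing still pays for the HMAC and expiry checks instead of returning early.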
- Affects
- All tenants. The bug did not expose tenant data — tokens still failed to validate — but the 500-class response obscured the cause and could be used to distinguish live endpoints from non-existent ones.
- Action required
- None. The fix is server-side and deployed to all regions.
- Advisory
- GS-ADV-2026-001
- Links