- Auth docs now include clearer examples for user-owned rows.
- Teams using custom claims should review policy snippets before copying them.
Backend updates in 2026-w20
- Fixed multiple security issues including a crypto null‑pointer dereference, URL parsing crash for malformed UNC hostnames, a zlib use‑after‑free on reset, HTTP keep‑alive socket reuse race, and an HTTP/2 file‑handle leak
- Resolved numerous core bugs such as module resolution double‑invocation, source‑map URL parsing, stream chunk boundary checks, and sync resolve hook handling
- Introduced a new ESM feature: separate cache for require('esm') when importing CJS modules, plus upgrades to npm (10.9.8) and OpenSSL (3.5.6)
- Multi-platform builds can reuse cache layers more predictably.
- CI pipelines with ARM and x86 targets may see shorter build times.