Contains changes that address CVE-2026-42047
#1470 1a5b63a8 Thanks @amh4r! - Fix checkpointing maxRuntime causing duplicate execution
cb20b4aa6250689cb3abe762a2aa18a483ce816e - Ensure runIds are properly URI encoded in Durable Endpoints
cb20b4aa6250689cb3abe762a2aa18a483ce816e - Improves HMAC signature verification by using a constant-time comparison, which mitigates a potential timing-based signature-recovery attack against the request signature. Also improves handling of timestamps in signatures, including malformed or future-dated values.
cb20b4aa6250689cb3abe762a2aa18a483ce816e - Hash the signing key used when exporting OTel traces
Fetched April 28, 2026