This release introduces five targeted security improvements, including enhanced URL validation to block cloud metadata endpoints and CGNAT, plus a bounded rate-limiter to prevent memory DoS. We've also added strict payload size validation for all text inputs, expanded log redaction for sensitive fields, and replaced bearer-token comparisons with a timing-safe alternative. These changes significantly reduce the attack surface for exposed endpoints and untrusted content inputs.