v2.2.1 - Security Patch

This security release addresses a vulnerability in the OAuth token refresh flow and improves rate limiting behavior.

Security Fixes

  • Fixed a vulnerability where expired OAuth refresh tokens could be reused under specific timing conditions
  • Increased token entropy from 128 bits to 256 bits for all newly issued API keys
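
Added example, not part of this changelog or the project's code: a minimal refresh-token store (all names constructed) showing the two properties these fixes restore, namely that an expired token is refused and that a token is checked and consumed under one lock so concurrent refresh attempts on the same token yield exactly one winner. It generates tokens with 256 bits of entropy and takes an injectable clock so expiry can be exercised deterministically; it makes no claim about the project's actual implementation.

```python
import secrets
import threading
import time
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_BYTES = 32  # 256 bits of entropy per token, the size this release adopts

@dataclass
class RefreshToken:
    subject: str
    expires_at: float
    used: bool = False

class RefreshTokenStore:
    def __init__(self, lifetime_seconds: float, clock=time.monotonic):
        self._lifetime = lifetime_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._lock = threading.Lock()
        self._tokens: Dict[str, RefreshToken] = {}

    def issue(self, subject: str) -> str:
        token = secrets.token_urlsafe(TOKEN_BYTES)
        with self._lock:
            self._tokens[token] = RefreshToken(subject, self._clock() + self._lifetime)
        return token

    def refresh(self, token: str) -> Optional[str]:
        """Spend `token` and return a replacement, or None if it must be refused.
        Check and consumption share one lock, so callers racing on the same
        token cannot both pass the expiry check: exactly one gets a new token."""
        with self._lock:
            record = self._tokens.get(token)
            if record is None or record.used:
                return None
            if self._clock() >= record.expires_at:
                del self._tokens[token]  # expired: discard, never honour
                return None
            record.used = True
            new_token = secrets.token_urlsafe(TOKEN_BYTES)
            self._tokens[new_token] = RefreshToken(record.subject, self._clock() + self._lifetime)
        return new_token

def concurrent_refresh(store: RefreshTokenStore, token: str, attempts: int) -> int:
    """Fire `attempts` parallel refreshes of one token; return how many succeeded."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(store.refresh(token))) for _ in range(attempts)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sum(r is not None for r in results)
```

Rotation of a live token (the precaution recommended below) is the same `refresh` call: the old value is spent and a fresh 256-bit one issued in its place.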

Bug Fixes

  • Rate limit headers now correctly reflect remaining requests after each call
  • Fixed incorrect Retry-After header values for certain rate limit scenarios

Action Required: If you use OAuth refresh tokens, we recommend rotating all active refresh tokens within the next 30 days as a precautionary measure. No evidence of exploitation has been found.