- Overlapping (Blue/Green) API client credentials – a newly generated client credential is now immediately valid (ValidFrom = now) and overlaps the existing one, so an owner can test the new credential while the old one still serves production. Stale active credentials are lazily expired to enforce the max-of-2 limit. (#370, MR !4479)
- Cross-customer email subject leak – the Razor template subject cache now uses a SHA-256 key (instead of a collision-prone 32-bit hash) and skips compiling static subjects, preventing the wrong subject being rendered for a different customer. Cache also hardened against a concurrent-eviction race. (#376)
- Forward/resend dropping attachments – forwarding or resending a specific sequence now keeps all of its attachments instead of only the first; scoped to attachments so resend/forward content source is preserved. (#363)
- Scheduled-run queue cleanup plumbing – registered the
RunQueueRemoveReceiver on the web app, confirm run deletion via the audit log before disposing the queue, surface disposal failures as RUNQUEUEREMOVE FAILED, and guard against a null ScheduledRun during compile/update. Includes a RunAuditLog {RunId, Action} index for faster deletion confirmation. (#357)
- False-positive stuck-run alerts – suppressed spurious stuck-run alerts for stages that are not queueable. (#329)
- Noisy expired-run logging – wrapped expired-run viewer exceptions are now logged at WARN (with chain-walk detection of the wrapped
RunExpiredException) instead of surfacing as errors. (#369)