```release-note:security
security: Fix a security vulnerability where the attacker could bypass authentication by passing url params as there was no validation on them.
```
