Hardening UCAN: closing an issuer spoof and a capability escape
· 7 min read
Convex 0.8.6 closes three authentication and merge-path weaknesses in the lattice's capability layer. Two of them were genuine bypasses in how UCAN tokens are verified and how capabilities are matched; the third turns a merge over untrusted data from a potential denial of service into a safe no-op. None of them are exotic — they are the kind of boundary bugs that hide in any authorisation system — and the fixes are worth writing down because the shape of each mistake is instructive.
