Epic: SSRF mitigation and information leakage #624
Description
Summary
DNS rebinding possible in scrape executor, secret redaction misses embedded secrets, A2A error responses expose internals, rate limiter HashMap grows unbounded.
Child Issues
- Add DNS resolution validation in scrape executor #653 Add DNS resolution validation in scrape executor
- Replace whitespace-based secret redaction with regex scanning #654 Replace whitespace-based secret redaction with regex scanning
- Sanitize A2A JSON-RPC error responses #655 Sanitize A2A JSON-RPC error responses
- Switch rate limiter to LRU eviction #656 Switch rate limiter to LRU eviction