da5069bded
This change ensures that a token's expiry is checked before every event is sent to the caller. Previously, a token could still be used to listen for events after it had expired, as long as the subscription was made while it was unexpired. This would last until the token was garbage collected from state. The check occurs within the RPC as there is currently no state update when a token expires.
4 lines
119 B
Plaintext
4 lines
119 B
Plaintext
```release-note:security
|
|
event stream: Fixed a bug where ACL token expiration was not checked when emitting events
|
|
```
|