@sim4n6 discovered a bypass of the domain deny_list rule in github.com/stripe/smokescreen using double brackets. This could have led to a server-side request forgery (SSRF) vulnerability for users of smokescreen. The vulnerability was caused by only stripping one set of brackets before processing a domain and was resolved by stripping all sets of brackets.