OpenClaw's hooks count non-POST requests toward auth lockout

OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-POST requests for example GET with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation Upgrade...