openclawd/config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Session 48d: removed Change Email feature (security hardening)

Browse source
This commit is contained in:
Hoid 2026-02-17 11:44:38 +00:00
parent c50b1a03b7
commit dae4355951
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
projects/business/memory/sessions.md
View file

@ -1128,3 +1128,10 @@
- Add `customer.updated` AND `customer.subscription.updated` to Stripe webhook events - Add `customer.updated` AND `customer.subscription.updated` to Stripe webhook events
- Fix MX DNS record (BUG-050) - Fix MX DNS record (BUG-050)
- Enable Stripe invoice emails (BUG-049) - Enable Stripe invoice emails (BUG-049)
## Session 48d — 2026-02-17 11:38 UTC (Security Hardening)
- **REMOVED Change Email feature entirely** (investor decision — security issue: leaked API key = account hijack)
- Deleted: change-email.html page, email-change.ts API routes, footer links, sitemap entry
- Kept: Stripe `customer.updated` webhook for Pro email sync, `updateEmailByCustomer()` in keys.ts
- Commit f5cea97 deployed, verified: /change-email returns 404, zero references in HTML
- Free tier users can create new key with new email; Pro users get email synced from Stripe