🚨 Medium-severity security fix in undici (7.28.0, 8.5.0) just released!
Patches CVE-2026-9678. undici vulnerable to cross-user information disclosure via shared cache whitespace bypass.
github.com/nodejs/undic...
## Impact
Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream `Cache-Control` header uses whitespace-padded qualified `private` or `no-cache` field na...
