Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`
A missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This issue has been patched in v0.83.39. Hatchet Cloud has been patched and requires no action from …