Per code audit #4388: Wrap _migrate_single_user and _drop_reserved_loaded_users with _config_lock to ensure atomic config reads/writes and prevent potential race conditions during concurrent access. This is a defense-in-depth fix - these methods run at startup before concurrent requests are accepted, but adding the lock makes the code consistent with other config mutations. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| atomic_io.py | ||
| auth.py | ||
| constants.py | ||
| database.py | ||
| exceptions.py | ||
| log_safety.py | ||
| middleware.py | ||
| models.py | ||
| platform_compat.py | ||
| session_manager.py | ||