Hi everyone, Last night, a security researcher discovered a potential exploit to the forgot password flow for self-hosted GrowthBook instances. A fix is live now under the Docker tags latest and 2.7.1. This exploit does not apply for cloud users or if you have SSO enabled. We have not seen this exploit in the wild. If you are self-hosting and not using SSO please upgrade soon. We also added some general guidelines for hardening your self-hosted GrowthBook installation for production. Please feel free to ask questions in this thread or DM me.