Last updated: 2026-07-11
Removed default-password fallback from /api/cron/* and /api/push/send routes. CRON_SECRET env var is now required.