Closing the gap: prepared-statement coverage now spans every code path
· 3 min read
flAPI v26.05.18 is out. This is a focused follow-up to v26.05.17's security roadmap. After yesterday's release, an internal audit caught that the prepared-statement bind was only wired into the GET executor — POST/PUT/PATCH writes and the Arrow-streaming endpoint still rendered Mustache templates as strings. This release closes that gap and adds the test corpus to prove it.