Writing · Tag

Articles tagged "bola".

1 article on this topic.

·9 min read · lovable , lovable-security , supabase

How to audit a Lovable app after the BOLA disclosure: a 6-hour rotation playbook

Lovable's April 2026 BOLA vulnerability exposed projects created before November 2025. Here is the audit checklist I ran on a client's Supabase-backed Lovable app, the 6-hour key rotation that followed, and the Chrome-extension SDK migration nobody warned us about.

How to audit a Lovable app after the BOLA disclosure: a 6-hour rotation playbook: cover image
← All articles