Firewall now strips invisible Unicode characters before keyword matching

Closed a bypass where zero-width, bidirectional-override, and soft-hyphen characters could split a blocked keyword and evade the firewall’s keyword and regex rules. Inbound text is now normalized to remove these characters before matching. The firewall log records when invisible characters were stripped from a blocked message, so administrators can distinguish a deliberate evasion attempt from a benign false positive.

SaaS tenants are already patched. Self-hosted customers should upgrade to v1.6.2 or later.