Gradio 5 security audit fixes validated by Trail of Bits — apply deployment hardening

AI Impact Summary

Gradio 5 underwent an independent security audit by Trail of Bits, and fixes are included in the 5.0 release. The audit identified risk areas across local deployments, Spaces deployments, share links, and CI pipelines, including CORS misconfigurations, SSRF, arbitrary file uploads with potential XSS, a race condition for traffic rerouting, and RCE via a misconfigured nginx exposing the docker API. Gradio has added security tests, fuzzing, and Semgrep analysis; deployment users should still apply the documented hardening (secure CORS, encrypted frp traffic, hardened nginx, and trusted CI actions) to avoid exploitation.