diff --git a/vetti-admin/target/classes/application.yml b/vetti-admin/target/classes/application.yml
index 92c58d2..971effa 100644
--- a/vetti-admin/target/classes/application.yml
+++ b/vetti-admin/target/classes/application.yml
@@ -70,6 +70,10 @@ swagger:
 pathMapping: /prod-api
 #################################### Swagger end ###################################
 
+server:
+ error:
+ include-stacktrace: never # 永不输出 trace 信息
+
 # 防止XSS攻击
 xss:
 # 过滤开关
diff --git a/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java b/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
index eaa7950..761ae61 100644
--- a/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
+++ b/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
@@ -111,7 +111,9 @@ public class SecurityConfig
 .authorizeHttpRequests((requests) -> {
 permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
- requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**","/voice-websocket/**").permitAll()
+ requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**",
+ "/voice-websocket/**","/verification/email/send","/verification/email/verify","/verification/phone/send",
+ "/forgotPassword").permitAll()
 // 静态资源,可匿名访问
 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
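Review bot: The four paths added to the anonymous `permitAll()` matcher in SecurityConfig (`/verification/email/send`, `/verification/email/verify`, `/verification/phone/send`, `/forgotPassword`) are opened for every HTTP method, and nothing visible in this hunk limits how often an unauthenticated caller can trigger an email or SMS send or retry a verification code. Consider giving them their own matcher bound to the method the handlers actually use, e.g. `.antMatchers(HttpMethod.POST, "/verification/email/send", "/verification/email/verify", "/verification/phone/send", "/forgotPassword").permitAll()` (assuming they are POST handlers; the controllers are not shown here). The comment above the call still names only login, register and captchaImage, so I would add a line such as `// anonymous by design: handlers must throttle per IP/recipient, expire codes, and answer identically for known and unknown accounts`. The enclosing `authorizeHttpRequests` lambda starts and ends outside the hunk, so any throttling filter configured elsewhere in the chain is not visible from here.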