vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: document profile dotenv bootstrap ordering in changelog (#31950) (thanks @bmendonca3)

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 18:09:34 +00:00
parent e673b51068
commit f40d8dd6ad
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -46,6 +46,7 @@ Docs: https://docs.openclaw.ai
### Fixes
- CLI/Profile dotenv ordering: apply `--profile` env defaults before `loadDotEnv()` in direct `runCli` paths so profile-scoped `.env` files are resolved correctly instead of default-profile `.env` values leaking into profiled runs. (#31950) Thanks @bmendonca3.
- Security/Node exec approvals: preserve shell/dispatch-wrapper argv semantics during approval hardening so approved wrapper commands (for example `env sh -c ...`) cannot drift into a different runtime command shape, and add regression coverage for both approval-plan generation and approved runtime execution paths. Thanks @tdjackey for reporting.
- Sandbox/Bootstrap context boundary hardening: reject symlink/hardlink alias bootstrap seed files that resolve outside the source workspace and switch post-compaction `AGENTS.md` context reads to boundary-verified file opens, preventing host file content from being injected via workspace aliasing. Thanks @tdjackey for reporting.
- Browser/Security output boundary hardening: replace check-then-rename output commits with root-bound fd-verified writes, unify install/skills canonical path-boundary checks, and add regression coverage for symlink-rebind race paths across browser output and shared fs-safe write flows. Thanks @tdjackey for reporting.