Peter Steinberger
621d8e1312
fix(sandbox): require noVNC observer password auth
2026-02-21 13:44:24 +01:00
Peter Steinberger
6cb7e16d40
fix(oauth): harden refresh token refresh-response validation
2026-02-21 13:44:14 +01:00
Henry Loenwind
24d18d0d72
fix: Correct data path in SKILL.md (coding-agent) ( #11009 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: f7e56b80c61485873+HenryLoenwind@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-21 18:09:25 +05:30
Peter Steinberger
be7f825006
refactor(gateway): harden proxy client ip resolution
2026-02-21 13:36:23 +01:00
Ayaan Zaidi
8b1fe0d1e2
fix(telegram): split streaming preview per assistant block ( #22613 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 26f35f441122031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-21 18:05:23 +05:30
Peter Steinberger
36a0df423d
refactor(gateway): make ws and http auth surfaces explicit
2026-02-21 13:33:09 +01:00
Peter Steinberger
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
Peter Steinberger
b2d84528f8
refactor(test): remove duplicate cron tool harnesses
2026-02-21 12:25:23 +00:00
Peter Steinberger
f4c89aa66e
docs(changelog): add tts provider-override hardening note
2026-02-21 13:24:42 +01:00
Peter Steinberger
9516ace3c9
docs(changelog): note ACP resource-link prompt hardening
2026-02-21 13:23:51 +01:00
Peter Steinberger
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
Peter Steinberger
4cd7d95746
style(browser): apply oxfmt cleanup for gate
2026-02-21 13:16:07 +01:00
Peter Steinberger
f265d45840
fix(tts): make model provider overrides opt-in
2026-02-21 13:16:07 +01:00
Peter Steinberger
d25a106628
docs(changelog): add tailscale auth hardening release note
2026-02-21 13:08:06 +01:00
Peter Steinberger
f202e73077
refactor(security): centralize host env policy and harden env ingestion
2026-02-21 13:04:39 +01:00
Peter Steinberger
08e020881d
refactor(security): unify command gating and blocked-key guards
2026-02-21 13:04:37 +01:00
Peter Steinberger
356d61aacf
fix(gateway): scope tailscale tokenless auth to websocket
2026-02-21 13:03:13 +01:00
Peter Steinberger
6aa11f3092
fix(acp): harden resource link metadata formatting
2026-02-21 13:00:02 +01:00
Peter Steinberger
073651fb57
docs: add sponsors section to README
2026-02-21 13:00:02 +01:00
Peter Steinberger
b577228d6b
test(security): add overflow compaction truncation-budget regression
2026-02-21 12:59:10 +01:00
Aether AI Agent
084f621025
fix(security): OC-65 prevent compaction counter reset to enforce context exhaustion limit — Aether AI Agent
...
Remove the `overflowCompactionAttempts = 0` reset inside the inner loop's
tool-result-truncation branch. The counter was being zeroed on each truncation
cycle, allowing prompt-injection attacks to bypass the MAX_OVERFLOW_COMPACTION_ATTEMPTS
guard and trigger unbounded auto-compaction, exhausting context window resources (DoS).
CWE-400 / GHSA-x2g4-7mj7-2hhj
2026-02-21 12:59:10 +01:00
Peter Steinberger
2b76901f35
docs(changelog): credit reporter for control-ui auth hardening
2026-02-21 12:57:22 +01:00
Peter Steinberger
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
Peter Steinberger
810218756d
docs(security): clarify trusted-host deployment assumptions
2026-02-21 12:53:12 +01:00
Peter Steinberger
ede496fa1a
docs: clarify trusted-host assumption for tokenless tailscale
2026-02-21 12:52:49 +01:00
Peter Steinberger
fbb79d4013
fix(security): harden runtime command override gating
2026-02-21 12:49:57 +01:00
Peter Steinberger
cb84c537f4
fix: normalize status auth cost handling and models header tests
2026-02-21 12:45:06 +01:00
Peter Steinberger
e393d7aa5b
docs(changelog): clarify Security/Exec release note
2026-02-21 12:44:20 +01:00
Peter Steinberger
dff61a10e1
docs(changelog): add windows system.run approval mismatch fix note
2026-02-21 11:58:40 +01:00
Santiago Medina Rolong
11f6bea598
add secret safety
2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
8db5e77ffa
skills: fmt
2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
da844d6411
skills: update xurl description
2026-02-21 11:58:14 +01:00
Santiago Medina
ac2ef69454
Update skills/xurl/SKILL.md
...
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-21 11:58:14 +01:00
Santiago Medina Rolong
635b6298e3
skills: add xurl skill
2026-02-21 11:58:14 +01:00
Peter Steinberger
283029bdea
refactor(security): unify webhook auth matching paths
2026-02-21 11:52:34 +01:00
Peter Steinberger
6007941f04
fix(security): harden and refactor system.run command resolution
2026-02-21 11:49:38 +01:00
Peter Steinberger
5cc631cc9c
fix(agents): harden model-skip and tool-policy imports
2026-02-21 11:48:02 +01:00
Peter Steinberger
55aaeb5085
refactor(browser): centralize navigation guard enforcement
2026-02-21 11:46:11 +01:00
Peter Steinberger
2cdbadee1f
fix(security): block startup-file env injection across host execution paths
2026-02-21 11:44:20 +01:00
Peter Steinberger
6b2f2811dc
fix(security): require BlueBubbles webhook auth
2026-02-21 11:41:50 +01:00
Peter Steinberger
220bd95eff
fix(browser): block non-network navigation schemes
2026-02-21 11:31:53 +01:00
Peter Steinberger
c6ee14d60e
fix(security): block grep safe-bin file-read bypass
2026-02-21 11:18:29 +01:00
Ayaan Zaidi
f81522af2e
fix(docker): install Playwright Chromium into node cache ( #22585 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 84dc9ffccd22031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-21 15:48:27 +05:30
Peter Steinberger
75d4f6d51b
docs: reorder and trim 2026.2.21 changelog entries
2026-02-21 11:12:58 +01:00
Peter Steinberger
eccff0b6c0
docs: relabel dependency hygiene changelog entries
2026-02-21 11:05:05 +01:00
Peter Steinberger
9231d7d30f
chore: bump version to 2026.2.21
2026-02-21 11:02:30 +01:00
Ayaan Zaidi
677384c519
refactor: simplify Telegram preview streaming to single boolean ( #22012 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: a4017d3b9422031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-21 15:19:13 +05:30
Ayaan Zaidi
e1cb73cdeb
fix: unblock Docker build by aligning commands schema default ( #22558 )
...
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 1ad610176d22031114+obviyus@users.noreply.github.com >
Co-authored-by: obviyus <22031114+obviyus@users.noreply.github.com >
Reviewed-by: @obviyus
2026-02-21 14:47:28 +05:30
Vincent Koc
3f19259843
Update bug_report.yml
2026-02-21 04:06:07 -05:00
Vincent Koc
d2a7293744
Docs: issue template copy cleanup ( #22546 )
...
* docs: reduce channel-specific wording in feature template placeholder
* docs: make bug report template placeholders version-neutral
* docs: fix YAML indentation in bug report placeholder
* docs: fix indentation of version field in bug report template
2026-02-21 03:43:35 -05:00
