vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 17:51:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
40c5edb5b1ca4ffe01583bc29dc79d3dc9ebf2dc
openclaw/extensions
History
Davanum Srinivas 08ae021d1f fix(qqbot): guard image-size probe against SSRF (#63495) 
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia

Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).

fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).

Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.

* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)

---------

Co-authored-by: sliverp <870080352@qq.com>
2026-04-09 16:48:04 +08:00
..
acpx
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
alibaba
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
amazon-bedrock
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
amazon-bedrock-mantle
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
anthropic
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
anthropic-vertex
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
arcee
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
bluebubbles
fix(bluebubbles): remove status type barrel cycle
2026-04-09 09:22:11 +01:00
brave
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
browser
test: update browser and reply mocks for direct imports
2026-04-09 05:52:07 +01:00
byteplus
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
chutes
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
cloudflare-ai-gateway
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
comfy
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
copilot-proxy
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
deepgram
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
deepseek
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
device-pair
refactor: dedupe tlon and voice-call lowercase helpers
2026-04-07 13:44:42 +01:00
diagnostics-otel
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
diffs
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
discord
test: isolate discord model picker dispatch mock
2026-04-09 08:04:53 +01:00
duckduckgo
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
elevenlabs
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
exa
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
fal
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
feishu
fix(feishu): remove runtime api type cycle
2026-04-09 09:23:52 +01:00
firecrawl
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
fireworks
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
github-copilot
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
google
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
googlechat
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
groq
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
huggingface
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
image-generation-core
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
imessage
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
irc
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
kilocode
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
kimi-coding
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
line
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
litellm
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
llm-task
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
lobster
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
matrix
Matrix: gate legacy crypto migration on inspector availability
2026-04-09 01:38:58 -04:00
mattermost
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
media-understanding-core
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
memory-core
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
memory-lancedb
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
memory-wiki
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
microsoft
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
microsoft-foundry
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
minimax
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
mistral
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
moonshot
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
msteams
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
nextcloud-talk
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
nostr
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
nvidia
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
ollama
test: run Ollama stream coverage inside plugin
2026-04-09 06:13:39 +01:00
open-prose
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
openai
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
opencode
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
opencode-go
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
openrouter
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
openshell
fix(openshell): split fs bridge backend types
2026-04-09 09:17:29 +01:00
perplexity
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
phone-control
refactor: dedupe misc lowercase helpers
2026-04-07 22:24:32 +01:00
qa-channel
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
qa-lab
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
qianfan
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
qqbot
fix(qqbot): guard image-size probe against SSRF (#63495)
2026-04-09 16:48:04 +08:00
qwen
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
runway
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
searxng
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
sglang
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
shared
test: trim whatsapp channel test barrels
2026-04-03 16:39:47 +01:00
signal
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
slack
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
speech-core
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
stepfun
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
synology-chat
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
synthetic
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
talk-voice
refactor: dedupe ui provider lowercase helpers
2026-04-07 20:58:01 +01:00
tavily
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
telegram
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
thread-ownership
refactor: dedupe provider trimmed readers
2026-04-08 00:09:41 +01:00
tlon
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
together
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
twitch
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
venice
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
vercel-ai-gateway
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
video-generation-core
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
vllm
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
voice-call
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
volcengine
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
vydra
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
webhooks
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
whatsapp
fix(whatsapp): drain reconnect queue after WhatsApp reconnects (#30806) (#46299)
2026-04-09 02:33:36 -03:00
xai
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
xiaomi
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
zai
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
zalo
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
zalouser
chore: bump version to 2026.4.10
2026-04-09 03:56:22 +01:00
.npmignore
AGENTS.md
docs(agents): tighten provider boundary guidance
2026-04-04 14:13:46 +09:00
CLAUDE.md
Docs: add boundary AGENTS guides (#56647)
2026-03-28 20:22:03 -04:00
music-generation-providers.live.test.ts
fix: stabilize media live provider coverage
2026-04-06 19:15:31 +01:00
tsconfig.package-boundary.base.json
refactor(cli): normalize route boundaries
2026-04-06 15:38:04 +01:00
tsconfig.package-boundary.paths.json
perf(plugin-sdk): split channel secret runtime helpers
2026-04-07 13:09:12 +01:00
video-generation-providers.live.test.ts
fix: stabilize media live provider coverage
2026-04-06 19:15:31 +01:00