vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 09:41:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f93b2178342c1a6ac309b1358d9bece3f2f10e67
openclaw/src
History
Andrew Demczuk bffb83acf8 fix(gateway): stop SSRF guard rejecting operator-configured proxy hostnames (#62312) 
When allowPrivateProxy is true, the explicit proxy hostname is operator-
configured and trusted. The SSRF guard was checking the proxy hostname
against the target-scoped hostnameAllowlist (e.g. ["api.telegram.org"]),
which rejected localhost and other local proxy hostnames. This broke
Telegram media downloads (and any channel using a local proxy) after
the url-fetch security hardening in 2026.4.x.

Clear the hostnameAllowlist for the proxy hostname check while keeping
private-network IP validation in place via allowPrivateNetwork.

Fixes #61906

Co-authored-by: Devin Robison <drobison00@users.noreply.github.com>
2026-04-07 13:22:21 -06:00
..
acp
refactor: dedupe acp lowercase helpers
2026-04-07 15:53:50 +01:00
agents
feat: add cover image support to Discord event create (#60883)
2026-04-07 13:40:39 -05:00
auto-reply
Refactor: centralize native approval lifecycle assembly (#62135)
2026-04-07 14:40:26 -04:00
bindings
bootstrap
canvas-host
refactor: dedupe remaining lowercase helpers
2026-04-07 15:12:32 +01:00
channels
Refactor: centralize native approval lifecycle assembly (#62135)
2026-04-07 14:40:26 -04:00
chat
cli
feat: add cover image support to Discord event create (#60883)
2026-04-07 13:40:39 -05:00
commands
test: speed up provider auth onboarding test
2026-04-07 17:36:41 +01:00
compat
config
fix(test): refresh schema snapshot and stabilize channel registry
2026-04-07 20:04:29 +01:00
context-engine
feat: expose prompt-cache runtime context to context engines (#62179)
2026-04-07 09:29:57 -07:00
cron
Tests: tighten cron timeout start handshakes
2026-04-08 01:20:00 +08:00
daemon
refactor: dedupe core lowercase helpers
2026-04-07 15:12:32 +01:00
docs
flows
fix: restore ci after trim reader dedupe
2026-04-07 06:42:34 +01:00
gateway
fix(browser): align browser.proxy profile mutation guards (#60489)
2026-04-07 13:00:21 -06:00
hooks
refactor: dedupe approval and routing readers
2026-04-07 07:36:11 +01:00
i18n
image-generation
refactor: dedupe lowercase helper readers
2026-04-07 15:12:32 +01:00
infra
fix(gateway): stop SSRF guard rejecting operator-configured proxy hostnames (#62312)
2026-04-07 13:22:21 -06:00
interactive
refactor: dedupe reply lowercase helpers
2026-04-07 10:37:39 +01:00
link-understanding
logging
refactor: dedupe shared normalizer readers
2026-04-07 08:40:35 +01:00
markdown
mcp
refactor: dedupe shared string aliases
2026-04-07 09:44:53 +01:00
media
refactor: dedupe media and discord lowercase helpers
2026-04-07 13:44:41 +01:00
media-generation
fix(test): restore support shard boundaries
2026-04-07 08:59:23 +01:00
media-understanding
refactor: dedupe core lowercase helpers
2026-04-07 15:12:32 +01:00
memory-host-sdk
refactor: dedupe extension lowercase helpers
2026-04-07 15:12:32 +01:00
music-generation
refactor: dedupe lowercase helper readers
2026-04-07 15:12:32 +01:00
node-host
refactor: dedupe daemon lowercase helpers
2026-04-07 13:44:42 +01:00
pairing
refactor: dedupe infra lowercase helpers
2026-04-07 13:01:23 +01:00
plugin-sdk
Refactor: centralize native approval lifecycle assembly (#62135)
2026-04-07 14:40:26 -04:00
plugins
test: speed up plugin cli tests
2026-04-07 19:59:46 +01:00
process
refactor: dedupe path lowercase helpers
2026-04-07 15:53:50 +01:00
realtime-transcription
refactor: dedupe provider registry normalizers
2026-04-07 10:37:38 +01:00
realtime-voice
refactor: dedupe provider registry normalizers
2026-04-07 10:37:38 +01:00
routing
refactor: dedupe routing lowercase helpers
2026-04-07 11:18:18 +01:00
scripts
test: stabilize scoped runners and qa ports
2026-04-07 15:28:46 +01:00
secrets
refactor: dedupe lowercase helper readers
2026-04-07 15:12:32 +01:00
security
refactor: dedupe extension lowercase helpers
2026-04-07 15:12:32 +01:00
sessions
fix: restore ci type compatibility
2026-04-07 13:44:42 +01:00
shared
refactor: dedupe infra lowercase helpers
2026-04-07 13:01:23 +01:00
tasks
Tests: fix provider artifact typing
2026-04-07 10:07:06 +01:00
terminal
refactor: dedupe infra lowercase helpers
2026-04-07 15:53:50 +01:00
test-helpers
refactor: dedupe extension lowercase helpers
2026-04-07 15:12:32 +01:00
test-utils
perf(plugin-sdk): split light facade loader
2026-04-07 06:22:35 +01:00
tts
refactor: dedupe core lowercase helpers
2026-04-07 15:12:32 +01:00
tui
refactor: dedupe plugin lowercase helpers
2026-04-07 15:53:50 +01:00
types
utils
refactor: dedupe provider lowercase helpers
2026-04-07 15:53:50 +01:00
video-generation
refactor: dedupe lowercase helper readers
2026-04-07 15:12:32 +01:00
web
web-fetch
fix(build): drop duplicate web fetch helper
2026-04-07 13:34:20 +01:00
web-search
refactor: dedupe core lowercase helpers
2026-04-07 15:12:32 +01:00
wizard
refactor: dedupe infra cli wizard error formatting
2026-04-07 02:03:34 +01:00
browser-lifecycle-cleanup.test.ts
browser-lifecycle-cleanup.ts
channel-web.ts
docker-build-cache.test.ts
Tests: fix e2e Docker cache expectation
2026-04-07 03:23:58 +08:00
docker-image-digests.test.ts
docker-setup.e2e.test.ts
dockerfile.test.ts
fix: make qa lab docker boot resilient
2026-04-07 09:04:18 +01:00
entry.respawn.test.ts
entry.respawn.ts
entry.test.ts
entry.ts
entry.version-fast-path.test.ts
extensionAPI.ts
global-state.ts
globals.ts
index.test.ts
index.ts
install-sh-version.test.ts
library.test.ts
library.ts
logger.test.ts
logger.ts
logging.ts
param-key.ts
plugin-activation-boundary.test.ts
Config: split static channel configured helper
2026-04-07 13:07:40 +08:00
poll-params.test.ts
poll-params.ts
refactor: dedupe daemon lowercase helpers
2026-04-07 13:44:42 +01:00
polls.test.ts
polls.ts
runtime.ts
ui-app-settings.agents-files-refresh.test.ts
utils.test.ts
feat: Add first-class infer CLI for inference workflows (#62129)
2026-04-07 07:11:19 -05:00
utils.ts
feat: Add first-class infer CLI for inference workflows (#62129)
2026-04-07 07:11:19 -05:00
version.test.ts
version.ts
refactor: dedupe helper trim readers
2026-04-07 08:40:34 +01:00