### CHANGES
- Add `create_story_about_people_interaction` pattern description
- Include pattern in `ANALYSIS` and `WRITING` categories
- Update `suggest_pattern` system and user documentation
- Modify JSON files to incorporate new pattern details
- Replace hardcoded strings with i18n.T translations
- Add en and es JSON locale files
- Implement custom translated help system
- Enable language detection from CLI args
- Add locale download capability
- Localize error messages throughout codebase
- Support TTS and notification translations
- Add internationalization system with Spanish support
- Create contexts and sessions tutorial documentation
- Fix broken Warp sponsorship image URL
- Add locale detection from environment variables
- Update VSCode settings with new dictionary words
- Exclude VSCode settings from version workflows
- Update pattern descriptions and explanations
- Add comprehensive i18n test coverage
- Replace with correct div structure and styling
- Use proper Warp image URL from brand assets
- Add 'Special thanks to:' text and platform availability
- Maintains proper spacing and alignment
- Close the main div container properly after fabric screenshot
- Fix HTML structure that was causing repetitive content display
- Ensure proper markdown rendering on GitHub
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace old banner with new warp-banner-light.png image
- Update styling to use modern p tags with proper centering
- Maintain existing go.warp.dev/fabric redirect URL
- Add descriptive alt text and emphasis text for accessibility
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add winget installation method for Windows
- Add Docker Hub and GHCR image references
- Include docker run examples for setup/patterns
- Remove deprecated PowerShell download link
- Delete unused show_fabric_options_markmap pattern
- Update suggest_pattern with new AI patterns
- Add personal development patterns for storytelling
## CHANGES
- Support custom tag from client payload in workflow
- Fallback to github.ref_name when no custom tag provided
- Enable manual release triggers with specified tag parameter
CHANGES
- Gate release and version workflows to upstream owner only.
- Switch tagging and releases to built-in GITHUB_TOKEN.
- Replace environment passing with step outputs across workflows.
- Remove docker-publish-on-tag workflow to reduce duplication and complexity.
- Add OCI description label to Docker image.
- Document GHCR multi-arch annotations for accurate package descriptions.
- Update README with new ARM binary release announcement.
- Simplify GoReleaser config by removing comments and extras.
CHANGES
- Add create_story_about_person system pattern with narrative workflow
- Add heal_person system pattern for compassionate healing plans
- Update pattern_explanations to register new patterns and renumber indices
- Extend pattern_descriptions with entries, tags, and concise descriptions
- Add pattern_extracts for both patterns with full instruction blocks
- Bump devalue dependency from 5.1.1 to 5.3.2
- Refresh lockfile snapshots to reference updated devalue version
- Sync web static pattern_descriptions with new patterns
Updates `devalue` from 5.1.1 to 5.3.2
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.1.1...v5.3.2)
---
updated-dependencies:
- dependency-name: devalue
dependency-version: 5.3.2
dependency-type: indirect
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
CHANGES
- Add GitHub Actions workflow to publish Docker images on tags
- Build multi-arch images with Buildx and QEMU across amd64, arm64
- Tag images using semver; push to GHCR and Docker Hub
- Set :latest only for highest semver tag via imagetools
- Gate patterns workflow steps on detected changes instead of failing
- Auto-detect GitHub owner and repo from git remote URL
- Remove hardcoded repository values in changelog release manager
- Normalize image names to lowercase for registry compatibility
- Enable GitHub Actions cache for faster Docker builds
- Add VS Code dictionary entries for Docker-related terms
• Update ollama package to version 0.11.7
• Refresh go.sum with new dependency checksums
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2025-0317](https://nvd.nist.gov/vuln/detail/CVE-2025-0317)
- **CVSS Score**: 7.5 (High)
- **Description**: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
- **Affected**: Ollama server versions ≤ 0.3.14
- **Impact**: Denial of Service through division by zero error
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2025-0315](https://nvd.nist.gov/vuln/detail/CVE-2025-0315)
- **CVSS Score**: 7.5 (High)
- **Description**: Vulnerability allows Denial of Service via customized GGUF model file upload on Ollama server.
- **Affected**: Ollama/ollama versions ≤ 0.3.14
- **Impact**: Denial of Service through malicious GGUF model file uploads
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2024-12886](https://nvd.nist.gov/vuln/detail/CVE-2024-12886)
- **CVSS Score**: 7.5 (High)
- **Description**: An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing.
- **Affected**: Ollama server version 0.3.14
- **Impact**: Denial of Service through memory exhaustion via gzip bomb attack
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2024-8063](https://nvd.nist.gov/vuln/detail/CVE-2024-8063)
- **CVSS Score**: 7.5 (High)
- **Description**: Security vulnerability with high severity rating
- **Impact**: Requires patching for security compliance
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2024-12055](https://nvd.nist.gov/vuln/detail/CVE-2024-12055)
- **CVSS Score**: 7.5 (High)
- **Description**: High-severity security vulnerability requiring immediate attention
- **Impact**: Critical security flaw needing remediation
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2025-51471](https://nvd.nist.gov/vuln/detail/CVE-2025-51471)
- **CVSS Score**: 6.9 (Medium)
- **Description**: Medium severity security vulnerability
- **Impact**: Security risk requiring patching as part of comprehensive security updates
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2025-46394](https://nvd.nist.gov/vuln/detail/CVE-2025-46394)
- **CVSS Score**: 3.2 (Low)
- **Description**: Low-severity security issue
- **Impact**: Minor security concern addressed as part of comprehensive security maintenance
- **Link**: [https://nvd.nist.gov/vuln/detail/CVE-2024-58251](https://nvd.nist.gov/vuln/detail/CVE-2024-58251)
- **CVSS Score**: 2.5 (Low)
- **Description**: Low-severity security vulnerability
- **Impact**: Minimal security risk addressed for comprehensive security posture
This comprehensive security fix addresses **8 CVEs** total:
- **5 High Severity** vulnerabilities (CVSS 7.5)
- **1 Medium Severity** vulnerability (CVSS 6.9)
- **2 Low Severity** vulnerabilities (CVSS 3.2 and 2.5)
The majority of high-severity issues are related to **Ollama server vulnerabilities** that could lead to Denial of Service attacks through various vectors including division by zero errors, memory exhaustion, and malicious file uploads. These fixes ensure robust protection against these attack vectors and maintain system availability.
**Priority**: The high-severity Ollama vulnerabilities should be considered critical for any systems running Ollama server components, as they can lead to service disruption and potential system crashes.
