github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
12,799 Commits 404 Branches 56 Tags
main
Commit Graph

2937 Commits

Author SHA1 Message Date
Vincent Koc
ce2a39a271 Security: bump hono for timing-safe auth hardening 2026-02-19 15:13:38 -08:00
Vincent Koc
2c93f6656a Docs: record PR #21336 anthropic onboarding fix 2026-02-19 15:13:38 -08:00
Vincent Koc
4883aa5439 docs(changelog): credit prior Slack recipient-id groundwork for 20988 (#21434) 2026-02-19 14:48:29 -08:00
Josh Avant
c2876b69fb feat(auto-reply): add model fallback lifecycle visibility in status, verbose logs, and WebUI (#20704) 2026-02-19 14:33:02 -08:00
Vincent Koc
6cdcb5904d chore: update changelog for merged fixes 7734 and 21086 (#21254) 2026-02-19 13:00:40 -08:00
Mariano
e98ccc8e17 iOS/Gateway: stabilize background wake and reconnect behavior (#21226) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7705a7741e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 20:20:28 +00:00
Shadow
f7a8c2df2c Discord: handle gateway 4014 close 2026-02-19 13:47:28 -06:00
George Pickett
85fee30e6b fix: changelog for cross-origin redirect header stripping (#20313) (thanks @afurm) 2026-02-19 11:42:25 -08:00
Shakker
eec5a6d6f1 Changelog: move prompt caching fix to unreleased 2026-02-19 19:22:46 +00:00
Shakker
45b54d90ab Changelog: add auto-reply run-start fix (#21165) (thanks @shakkernerd) 2026-02-19 19:15:09 +00:00
Isis Anisoptera
4b7d89100e fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context (#20597) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 175919afb6
Co-authored-by: anisoptera <768771+anisoptera@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 19:11:47 +00:00
Shakker
ff3a7e5635 chore: bump release metadata to 2026.2.20 2026-02-19 18:57:08 +00:00
Mariano
a1d5dce7ab iOS: use dedicated session key for chat sheet (#21139) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 31a27b0c5b
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:42:56 +00:00
Mariano
42d11a3ec5 iOS: auto-resync chat after reconnect gaps (#21135) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 1beca3a76d
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 18:37:13 +00:00
Peter Steinberger
9f5429e528 docs: trim refactor-only and duplicate changelog entries 2026-02-19 16:34:10 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
280c6b117b fix(daemon): harden windows schtasks script quoting 2026-02-19 16:16:51 +01:00
Peter Steinberger
2e421f32df fix(security): restore trusted plugin runtime exec default 2026-02-19 16:01:29 +01:00
Peter Steinberger
8288702f51 docs(changelog): add Windows schtasks injection fix note 2026-02-19 15:57:42 +01:00
Peter Steinberger
c45f3c5b00 fix(gateway): harden canvas auth with session capabilities 2026-02-19 15:51:22 +01:00
Peter Steinberger
63e39d7f57 fix(security): harden ACP prompt size guardrails 2026-02-19 15:41:01 +01:00
Peter Steinberger
c9dee59266 refactor(security): centralize trusted sender checks for discord moderation 2026-02-19 15:39:56 +01:00
Peter Steinberger
81b19aaa1a fix(security): enforce plugin and hook path containment 2026-02-19 15:37:29 +01:00
Peter Steinberger
10379e7dcd fix: harden voice-call tts deep merge 2026-02-19 15:37:01 +01:00
Peter Steinberger
b40821b068 fix: harden ACP secret handling and exec preflight boundaries 2026-02-19 15:34:20 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger
77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger
775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger
baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger
3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger
5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger
2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger
b54ba3391b fix: credit contributor in changelog (#20916) (thanks @orlyjamie) 2026-02-19 15:00:10 +01:00
Peter Steinberger
29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Peter Steinberger
e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger
cf6edc6d57 docs(changelog): credit allsmog for Lobster security report 2026-02-19 14:43:03 +01:00
Peter Steinberger
a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger
ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger
e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Thorfinn
b45bb6801c fix(doctor): skip embedding provider check when QMD backend is active (openclaw#17295) thanks @miloudbelarebia 
Verified:
- pnpm build
- pnpm check (fails on baseline formatting drift in files identical to origin/main)
- pnpm test:macmini

Co-authored-by: miloudbelarebia <52387093+miloudbelarebia@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 07:21:27 -06:00
Peter Steinberger
bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger
cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger
6195660b1a fix(browser): unify SSRF guard path for navigation 2026-02-19 13:44:01 +01:00
Peter Steinberger
3c419b7bd3 docs(security): document webhook hardening and changelog 2026-02-19 13:31:44 +01:00
Vincent Koc
043b2f5e7a changelog: add unreleased fixes from recent PRs (#20897) 2026-02-19 03:44:15 -08:00
Mariano
db73402235 Security: add explicit opt-in for deprecated plugin runtime exec (#20874) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: de69f81725
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 11:30:36 +00:00
Vincent Koc
267bb3c81c changelog: backfill PR release-note entries (#20839) 
* Docs: backfill changelog entries

* Docs: mark PR 20836 as merged in changelog
 2026-02-19 02:43:57 -08:00
Peter Steinberger
49d0def6d1 fix(security): harden imessage remote scp/ssh handling 2026-02-19 11:08:23 +01:00