github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
12,799 Commits 404 Branches 56 Tags
main
Commit Graph

77 Commits

Author SHA1 Message Date
Peter Steinberger
f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger
b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger
3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger
f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger
ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger
aa267812d3 test(security): add webhook hardening regressions 2026-02-19 13:31:28 +01:00
Peter Steinberger
a23e0d5140 fix(security): harden feishu and zalo webhook ingress 2026-02-19 13:31:27 +01:00
Peter Steinberger
cdb00fe242 fix(feishu): isolate temp download writes in mkdtemp dirs 2026-02-19 11:05:04 +01:00
Mariano
a7c0aa94d9 refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Mariano Belinky
c821099157 Feishu: harden temp media download paths 2026-02-19 10:13:48 +01:00
Peter Steinberger
4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger
b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Peter Steinberger
9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Sebastian
7884d65687 test(feishu): cover post mentions for other users 2026-02-17 08:53:25 -05:00
cpojer
d0cb8c19b2 chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
Sebastian
ca19745fa2 Revert "channels: migrate extension account listing to factory" 
This reverts commit d24340d75b.
 2026-02-16 23:17:13 -05:00
cpojer
d3a36cc3b0 chore: Fix remaining extension test types, enable type checking for extension tests. 2026-02-17 10:14:01 +09:00
cpojer
90ef2d6bdf chore: Update formatting. 2026-02-17 09:18:40 +09:00
gaowanqi08141999
86517b8e30 feat(feishu): add bitable create app and create field tools 2026-02-17 00:02:00 +01:00
popomore
eed806ce58 f 2026-02-16 23:59:41 +01:00
popomore
a42ccb9c1d f 2026-02-16 23:59:41 +01:00
popomore
c315246971 fix(feishu): fix mention detection for post messages with embedded docs 
Parse "at" elements from post content when message.mentions is empty to
detect bot mentions in rich text messages containing documents.
 2026-02-16 23:59:41 +01:00
yinghaosang
d24340d75b channels: migrate extension account listing to factory 2026-02-16 23:53:19 +01:00
Peter Steinberger
544ffbcf7b refactor(extensions): dedupe connector helper usage 2026-02-16 14:59:30 +00:00
Peter Steinberger
39fa81dc96 chore: bump version to 2026.2.16 2026-02-16 06:08:47 +01:00
Peter Steinberger
342e9cac03 refactor(status): reuse plugin-sdk status helpers 2026-02-15 19:37:40 +00:00
Peter Steinberger
bdfa2b490b refactor(media): reuse buildAgentMediaPayload 2026-02-15 19:37:40 +00:00
Shadow
c6b3736fe7 fix: dedupe probe/token base types (#16986) (thanks @iyoda) 2026-02-15 11:36:54 -06:00
Peter Steinberger
379b445582 chore: bump version to 2026.2.15 2026-02-15 04:50:31 +01:00
Peter Steinberger
fef86e475b refactor: dedupe shared helpers across ui/gateway/extensions 2026-02-15 03:34:14 +00:00
Peter Steinberger
1ff15e60d3 chore(release): bump versions to 2026.2.14 2026-02-15 02:53:35 +01:00
Peter Steinberger
65aac6494a refactor(feishu): share download buffer reader 2026-02-15 01:46:52 +00:00
Peter Steinberger
5b4121d601 fix: harden Feishu media URL fetching (#16285) (thanks @mbelinky) 
Security fix for Feishu extension media fetching.
 2026-02-14 16:42:35 +01:00
Tanwa Arpornthip
c76288bdf1 fix(slack): download all files in multi-image messages (#15447) 
* fix(slack): download all files in multi-image messages

resolveSlackMedia() previously returned after downloading the first
file, causing multi-image Slack messages to lose all but the first
attachment. This changes the function to collect all successfully
downloaded files into an array, matching the pattern already used by
Telegram, Line, Discord, and iMessage adapters.

The prepare handler now populates MediaPaths, MediaUrls, and
MediaTypes arrays so downstream media processing (vision, sandbox
staging, media notes) works correctly with multiple attachments.

Fixes #11892, #7536

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(slack): preserve MediaTypes index alignment with MediaPaths/MediaUrls

The filter(Boolean) on MediaTypes removed entries with undefined contentType,
shrinking the array and breaking index correlation with MediaPaths and MediaUrls.
Downstream code (media-note.ts, attachments.ts) requires these arrays to have
equal lengths for correct per-attachment MIME type lookup. Replace filter(Boolean)
with a nullish coalescing fallback to "application/octet-stream".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(slack): align MediaType fallback and tests (#15447) (thanks @CommanderCrowCode)

* fix: unblock plugin-sdk account-id typing (#15447)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 14:16:02 +01:00
Peter Steinberger
6543ce717c perf(test): avoid plugin-sdk barrel imports 2026-02-14 12:42:19 +00:00
Artale
3a330e681b fix(feishu): remove typing indicator on NO_REPLY cleanup (openclaw#15508) thanks @arosstale 
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-14 05:24:27 -06:00
Peter Steinberger
a750a195e5 refactor(extensions): extract feishu dedup and mattermost onchar helpers 2026-02-13 19:08:37 +00:00
Peter Steinberger
3cbcba10cf fix(security): enforce bounded webhook body handling 2026-02-13 19:14:54 +01:00
Peter Steinberger
67251e97bd fix(ci): sync extension versions to root release (#15199) 2026-02-13 05:54:03 +01:00
Peter Steinberger
daf13dbb06 fix: enforce feishu dm policy + pairing flow (#14876) (thanks @coygeek) 2026-02-13 05:48:22 +01:00
Coy Geek
f05553413d fix(aa-01): apply security fix 
Generated by staged fix workflow.
 2026-02-13 05:48:22 +01:00
LeftX
65be9ccf63 feat(feishu): add streaming card support via Card Kit API (openclaw#10379) thanks @xzq-xu 
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: xzq-xu <53989315+xzq-xu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-12 20:19:27 -06:00
Peter Steinberger
722c010b95 chore(deps): update dependencies 2026-02-12 22:58:42 +01:00
0xRain
af172742a3 fix(feishu): use msg_type 'media' for video/audio messages (#14648) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e8044cb208
Co-authored-by: 0xRaini <190923101+0xRaini@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-12 19:05:09 +01:00
Peter Steinberger
7695b4842b chore: bump version to 2026.2.12 2026-02-12 18:20:46 +01:00