github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
12,722 Commits 404 Branches 56 Tags
397f243dedef0983cb1f29f3c69d56fc604c9b13
Commit Graph

12722 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
397f243ded refactor: dedupe gateway session guards and agent test fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger
a99fd8f2dd refactor: reuse daemon action response type in lifecycle core 2026-02-19 14:27:36 +00:00
Peter Steinberger
672b1c5084 refactor: dedupe slack monitor mrkdwn and modal event base 2026-02-19 14:27:36 +00:00
Peter Steinberger
cb6b835a49 test: dedupe heartbeat and action-runner fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger
26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger
77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger
775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger
baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger
3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger
5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger
2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger
f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger
b54ba3391b fix: credit contributor in changelog (#20916) (thanks @orlyjamie) 2026-02-19 15:00:10 +01:00
Peter Steinberger
29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger
f8b61bb4ed refactor(acp): split session tests and share rate limiter 2026-02-19 14:55:06 +01:00
Peter Steinberger
19348050be style: normalize acp translator import ordering 2026-02-19 13:54:40 +00:00
Peter Steinberger
7a89049d1d refactor: dedupe pending pairing request flow and add reuse tests 2026-02-19 13:54:35 +00:00
Peter Steinberger
d900d5efbd style: normalize ws message handler import ordering 2026-02-19 13:51:53 +00:00
Peter Steinberger
79ab4927c1 test: dedupe extracted-size budget assertions in archive tests 2026-02-19 13:51:53 +00:00
Peter Steinberger
7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger
e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger
4ddc4dfd76 test: dedupe fetch cleanup-throw signal harness 2026-02-19 13:50:07 +00:00
Peter Steinberger
0bda0202fd fix(security): require explicit approval for device access upgrades 2026-02-19 14:49:09 +01:00
Peter Steinberger
182ffdf557 test: dedupe zai env test setup and cover blank legacy key 2026-02-19 13:48:21 +00:00
Peter Steinberger
d9046f0d2a chore(deps): update dependencies to latest 2026-02-19 14:46:16 +01:00
Peter Steinberger
177654f526 refactor: dedupe APNs push send flow and add wake default test 2026-02-19 13:45:34 +00:00
Peter Steinberger
722a898f20 refactor: dedupe openclaw root traversal and add coverage 2026-02-19 13:43:31 +00:00
Peter Steinberger
cf6edc6d57 docs(changelog): credit allsmog for Lobster security report 2026-02-19 14:43:03 +01:00
Peter Steinberger
758ea3c5a1 style: apply oxfmt import ordering for check 2026-02-19 14:38:55 +01:00
Peter Steinberger
08a7967936 fix(security): fail closed on gateway bind fallback and tighten canvas IP fallback 2026-02-19 14:38:55 +01:00
Peter Steinberger
a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger
165c18819e refactor(security): simplify safe-bin validation structure 2026-02-19 14:33:58 +01:00
Peter Steinberger
74c51aeb1e style: format gateway server methods 2026-02-19 13:32:58 +00:00
Peter Steinberger
7c9130f3c5 docs: require SECURITY.md before GHSA reviews 2026-02-19 14:32:19 +01:00
Peter Steinberger
268b0dc921 style: fix formatting drift in security allowlist checks 2026-02-19 13:31:01 +00:00
Peter Steinberger
ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger
14b4c7fd56 refactor: dedupe provider usage auth/fetch logic and expand coverage 2026-02-19 13:28:18 +00:00
Peter Steinberger
2d485cd47a refactor(security): extract safe-bin policy and dedupe tests 2026-02-19 14:28:03 +01:00
Peter Steinberger
0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger
e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger
808a60d3bd docs: clarify intentional network-visible canvas model in security policy 2026-02-19 14:25:41 +01:00
Peter Steinberger
fec48a5006 refactor(exec): split host flows and harden safe-bin trust 2026-02-19 14:22:01 +01:00
Thorfinn
b45bb6801c fix(doctor): skip embedding provider check when QMD backend is active (openclaw#17295) thanks @miloudbelarebia 
Verified:
- pnpm build
- pnpm check (fails on baseline formatting drift in files identical to origin/main)
- pnpm test:macmini

Co-authored-by: miloudbelarebia <52387093+miloudbelarebia@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-19 07:21:27 -06:00
Peter Steinberger
bafdbb6f11 fix(security): eliminate safeBins file-existence oracle 2026-02-19 14:18:11 +01:00
Peter Steinberger
1316e57403 fix: enforce inbound attachment root policy across pipelines 2026-02-19 14:15:51 +01:00
Peter Steinberger
cfe8457a0f fix(security): harden safeBins stdin-only enforcement 2026-02-19 14:10:45 +01:00
Peter Steinberger
3c127b6eac test: dedupe provider usage tests and expand coverage 2026-02-19 13:08:01 +00:00
Peter Steinberger
ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger
9f9cd5cbb2 refactor(browser): unify navigation guard path and error typing 2026-02-19 14:04:18 +01:00