Ayaan Zaidi
e57a4884dc
fix(telegram): finalize stop-created draft preview edits
2026-02-19 20:37:17 +05:30
Ayaan Zaidi
2947c69ae4
fix(telegram): scope stream fix to telegram lane handling
2026-02-19 20:37:17 +05:30
Ayaan Zaidi
99fa7d4b1d
fix(telegram): prevent reasoning duplicates in draft lanes
2026-02-19 20:37:17 +05:30
Ayaan Zaidi
9b8210ec38
fix: render telegram draft streams with markdown html
2026-02-19 20:37:17 +05:30
Ayaan Zaidi
b86aab1f66
fix: keep partial think-tag fragments out of streams
2026-02-19 20:37:16 +05:30
Ayaan Zaidi
0ff5badc17
fix: prevent leaking partial think tag fragments in streams
2026-02-19 20:37:16 +05:30
Ayaan Zaidi
ea8ed2e957
fix: avoid reasoning duplicate sends after stream split
2026-02-19 20:37:16 +05:30
Ayaan Zaidi
321e71c8a5
fix: separate telegram reasoning and answer draft streams
2026-02-19 20:37:16 +05:30
Peter Steinberger
a688ccf24a
refactor(security): unify safe-bin argv parsing and harden regressions
2026-02-19 16:04:58 +01:00
Peter Steinberger
2e421f32df
fix(security): restore trusted plugin runtime exec default
2026-02-19 16:01:29 +01:00
Peter Steinberger
8288702f51
docs(changelog): add Windows schtasks injection fix note
2026-02-19 15:57:42 +01:00
Peter Steinberger
dafe52e8cf
fix(daemon): escape schtasks environment assignments
2026-02-19 15:52:13 +01:00
Peter Steinberger
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
Peter Steinberger
f76f98b268
chore: fix formatting drift and stabilize cron tool mocks
2026-02-19 15:41:38 +01:00
Peter Steinberger
63e39d7f57
fix(security): harden ACP prompt size guardrails
2026-02-19 15:41:01 +01:00
Aether AI Agent
ebcf19746f
fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion — Aether AI Agent
2026-02-19 15:41:01 +01:00
Aether AI Agent
732e53151e
fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS — Aether AI Agent
2026-02-19 15:41:01 +01:00
Peter Steinberger
c9dee59266
refactor(security): centralize trusted sender checks for discord moderation
2026-02-19 15:39:56 +01:00
Peter Steinberger
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
Peter Steinberger
10379e7dcd
fix: harden voice-call tts deep merge
2026-02-19 15:37:01 +01:00
Peter Steinberger
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
Peter Steinberger
3d7ad1cfca
fix(security): centralize owner-only tool gating and scope maps
2026-02-19 15:29:23 +01:00
Peter Steinberger
9130fd2b06
ci: harden workflow action input handling
2026-02-19 15:27:48 +01:00
Peter Steinberger
efca61e3ac
test: share cron tool mock harness
2026-02-19 14:27:37 +00:00
Peter Steinberger
eb9861b20a
test: share memory manager bootstrap helper
2026-02-19 14:27:37 +00:00
Peter Steinberger
2581b67cdb
refactor: share exec approval request helper
2026-02-19 14:27:37 +00:00
Peter Steinberger
3179097a1f
refactor: dedupe redact snapshot restore prelude
2026-02-19 14:27:37 +00:00
Peter Steinberger
ffd4e85873
refactor: share allow-from merge and sender-id checks
2026-02-19 14:27:37 +00:00
Peter Steinberger
ba538c98c7
refactor: share plain object guard across config and utils
2026-02-19 14:27:36 +00:00
Peter Steinberger
397f243ded
refactor: dedupe gateway session guards and agent test fixtures
2026-02-19 14:27:36 +00:00
Peter Steinberger
a99fd8f2dd
refactor: reuse daemon action response type in lifecycle core
2026-02-19 14:27:36 +00:00
Peter Steinberger
672b1c5084
refactor: dedupe slack monitor mrkdwn and modal event base
2026-02-19 14:27:36 +00:00
Peter Steinberger
cb6b835a49
test: dedupe heartbeat and action-runner fixtures
2026-02-19 14:27:36 +00:00
Peter Steinberger
26c9b37f5b
fix(security): enforce strict IPv4 SSRF literal handling
2026-02-19 15:24:47 +01:00
Peter Steinberger
77c748304b
refactor(plugins): extract safety and provenance helpers
2026-02-19 15:24:14 +01:00
Peter Steinberger
775816035e
fix(security): enforce trusted sender auth for discord moderation
2026-02-19 15:18:24 +01:00
Peter Steinberger
baa335f258
fix(security): harden SSRF IPv4 literal parsing
2026-02-19 15:14:46 +01:00
Peter Steinberger
3561442a9f
fix(plugins): harden discovery trust checks
2026-02-19 15:14:12 +01:00
Peter Steinberger
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
Peter Steinberger
2777d8ad93
refactor(security): unify gateway scope authorization flows
2026-02-19 15:06:38 +01:00
Peter Steinberger
f4b288b8f7
refactor(feishu): dedupe mention regex escaping
2026-02-19 15:04:40 +01:00
Peter Steinberger
b54ba3391b
fix: credit contributor in changelog (#20916) (thanks @orlyjamie)
2026-02-19 15:00:10 +01:00
Peter Steinberger
29118995ad
refactor(lobster): remove lobsterPath overrides
2026-02-19 14:58:13 +01:00
Peter Steinberger
f8b61bb4ed
refactor(acp): split session tests and share rate limiter
2026-02-19 14:55:06 +01:00
Peter Steinberger
19348050be
style: normalize acp translator import ordering
2026-02-19 13:54:40 +00:00
Peter Steinberger
7a89049d1d
refactor: dedupe pending pairing request flow and add reuse tests
2026-02-19 13:54:35 +00:00
Peter Steinberger
d900d5efbd
style: normalize ws message handler import ordering
2026-02-19 13:51:53 +00:00
Peter Steinberger
79ab4927c1
test: dedupe extracted-size budget assertions in archive tests
2026-02-19 13:51:53 +00:00
Peter Steinberger
7426848913
test(feishu): add mention regex injection regressions
2026-02-19 14:51:41 +01:00
Jamie
7e67ab75cc
fix(feishu): escape regex metacharacters in stripBotMention
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.
Ref: GHSA-c6hr-w26q-c636
2026-02-19 14:51:41 +01:00