nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,883 Commits 754 Branches 79 Tags 4 GiB
Commit Graph

77 Commits

Author SHA1 Message Date
Peter Steinberger f66b23de75 chore(release): bump versions to 2026.2.20 2026-02-20 00:02:53 +01:00
Peter Steinberger b0e55283d5 chore: bump release metadata to 2026.2.19 2026-02-19 16:17:34 +01:00
Peter Steinberger 3d7ad1cfca fix(security): centralize owner-only tool gating and scope maps 2026-02-19 15:29:23 +01:00
Peter Steinberger f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger 7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie 7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 
stripBotMention() passed mention.name and mention.key directly into
new RegExp() without escaping, allowing regex injection and ReDoS via
crafted Feishu mention metadata. extractMessageBody() in mention.ts
already escapes correctly — this applies the same pattern.

Ref: GHSA-c6hr-w26q-c636
 2026-02-19 14:51:41 +01:00
Peter Steinberger 0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger ec232a9e2d refactor(security): harden temp-path handling for inbound media 2026-02-19 14:06:37 +01:00
Peter Steinberger aa267812d3 test(security): add webhook hardening regressions 2026-02-19 13:31:28 +01:00
Peter Steinberger a23e0d5140 fix(security): harden feishu and zalo webhook ingress 2026-02-19 13:31:27 +01:00
Peter Steinberger cdb00fe242 fix(feishu): isolate temp download writes in mkdtemp dirs 2026-02-19 11:05:04 +01:00
Mariano a7c0aa94d9
refactor(security): share safe temp media path builder (#20810) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 7a088e6801
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
 2026-02-19 09:59:21 +00:00
Mariano Belinky c821099157 Feishu: harden temp media download paths 2026-02-19 10:13:48 +01:00
Peter Steinberger 4bf3338834 chore: bump version to 2026.2.18 unreleased 2026-02-18 04:40:06 +01:00
Peter Steinberger b8b43175c5 style: align formatting with oxfmt 0.33 2026-02-18 01:34:35 +00:00
Peter Steinberger 31f9be126c style: run oxfmt and fix gate failures 2026-02-18 01:29:02 +00:00
Peter Steinberger 9a2c39419e chore(release): bump version to 2026.2.17 2026-02-17 23:08:55 +01:00
Sebastian 7884d65687 test(feishu): cover post mentions for other users 2026-02-17 08:53:25 -05:00
cpojer d0cb8c19b2
chore: wtf. 2026-02-17 13:36:48 +09:00
Sebastian ed11e93cf2 chore(format) 2026-02-16 23:20:16 -05:00
Sebastian ca19745fa2 Revert "channels: migrate extension account listing to factory" 
This reverts commit d24340d75b.
 2026-02-16 23:17:13 -05:00
cpojer d3a36cc3b0
chore: Fix remaining extension test types, enable type checking for extension tests. 2026-02-17 10:14:01 +09:00
cpojer 90ef2d6bdf
chore: Update formatting. 2026-02-17 09:18:40 +09:00
gaowanqi08141999 86517b8e30 feat(feishu): add bitable create app and create field tools 2026-02-17 00:02:00 +01:00
popomore eed806ce58 f 2026-02-16 23:59:41 +01:00
popomore a42ccb9c1d f 2026-02-16 23:59:41 +01:00
popomore c315246971 fix(feishu): fix mention detection for post messages with embedded docs 
Parse "at" elements from post content when message.mentions is empty to
detect bot mentions in rich text messages containing documents.
 2026-02-16 23:59:41 +01:00
yinghaosang d24340d75b channels: migrate extension account listing to factory 2026-02-16 23:53:19 +01:00
Peter Steinberger 544ffbcf7b refactor(extensions): dedupe connector helper usage 2026-02-16 14:59:30 +00:00
Peter Steinberger 39fa81dc96 chore: bump version to 2026.2.16 2026-02-16 06:08:47 +01:00
Peter Steinberger 342e9cac03 refactor(status): reuse plugin-sdk status helpers 2026-02-15 19:37:40 +00:00
Peter Steinberger bdfa2b490b refactor(media): reuse buildAgentMediaPayload 2026-02-15 19:37:40 +00:00
Shadow c6b3736fe7 fix: dedupe probe/token base types (#16986) (thanks @iyoda) 2026-02-15 11:36:54 -06:00
Peter Steinberger 379b445582 chore: bump version to 2026.2.15 2026-02-15 04:50:31 +01:00
Peter Steinberger fef86e475b refactor: dedupe shared helpers across ui/gateway/extensions 2026-02-15 03:34:14 +00:00
Peter Steinberger 1ff15e60d3 chore(release): bump versions to 2026.2.14 2026-02-15 02:53:35 +01:00
Peter Steinberger 65aac6494a refactor(feishu): share download buffer reader 2026-02-15 01:46:52 +00:00
Peter Steinberger 5b4121d601
fix: harden Feishu media URL fetching (#16285) (thanks @mbelinky) 
Security fix for Feishu extension media fetching.
 2026-02-14 16:42:35 +01:00
Tanwa Arpornthip c76288bdf1
fix(slack): download all files in multi-image messages (#15447) 
* fix(slack): download all files in multi-image messages

resolveSlackMedia() previously returned after downloading the first
file, causing multi-image Slack messages to lose all but the first
attachment. This changes the function to collect all successfully
downloaded files into an array, matching the pattern already used by
Telegram, Line, Discord, and iMessage adapters.

The prepare handler now populates MediaPaths, MediaUrls, and
MediaTypes arrays so downstream media processing (vision, sandbox
staging, media notes) works correctly with multiple attachments.

Fixes #11892, #7536

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(slack): preserve MediaTypes index alignment with MediaPaths/MediaUrls

The filter(Boolean) on MediaTypes removed entries with undefined contentType,
shrinking the array and breaking index correlation with MediaPaths and MediaUrls.
Downstream code (media-note.ts, attachments.ts) requires these arrays to have
equal lengths for correct per-attachment MIME type lookup. Replace filter(Boolean)
with a nullish coalescing fallback to "application/octet-stream".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(slack): align MediaType fallback and tests (#15447) (thanks @CommanderCrowCode)

* fix: unblock plugin-sdk account-id typing (#15447)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-02-14 14:16:02 +01:00
Peter Steinberger 6543ce717c perf(test): avoid plugin-sdk barrel imports 2026-02-14 12:42:19 +00:00
Artale 3a330e681b
fix(feishu): remove typing indicator on NO_REPLY cleanup (openclaw#15508) thanks @arosstale 
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: arosstale <117890364+arosstale@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-14 05:24:27 -06:00
Peter Steinberger a750a195e5 refactor(extensions): extract feishu dedup and mattermost onchar helpers 2026-02-13 19:08:37 +00:00
Peter Steinberger 3cbcba10cf fix(security): enforce bounded webhook body handling 2026-02-13 19:14:54 +01:00
Peter Steinberger 67251e97bd
fix(ci): sync extension versions to root release (#15199) 2026-02-13 05:54:03 +01:00
Peter Steinberger daf13dbb06 fix: enforce feishu dm policy + pairing flow (#14876) (thanks @coygeek) 2026-02-13 05:48:22 +01:00
Coy Geek f05553413d fix(aa-01): apply security fix 
Generated by staged fix workflow.
 2026-02-13 05:48:22 +01:00
LeftX 65be9ccf63
feat(feishu): add streaming card support via Card Kit API (openclaw#10379) thanks @xzq-xu 
Verified:
- pnpm build
- pnpm check
- pnpm test

Co-authored-by: xzq-xu <53989315+xzq-xu@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-02-12 20:19:27 -06:00
Peter Steinberger 722c010b95 chore(deps): update dependencies 2026-02-12 22:58:42 +01:00
0xRain af172742a3
fix(feishu): use msg_type 'media' for video/audio messages (#14648) 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: e8044cb208
Co-authored-by: 0xRaini <190923101+0xRaini@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
 2026-02-12 19:05:09 +01:00
Peter Steinberger 7695b4842b chore: bump version to 2026.2.12 2026-02-12 18:20:46 +01:00