Commit Graph

12729 Commits

Author SHA1 Message Date
Peter Steinberger 9130fd2b06 ci: harden workflow action input handling 2026-02-19 15:27:48 +01:00
Peter Steinberger efca61e3ac test: share cron tool mock harness 2026-02-19 14:27:37 +00:00
Peter Steinberger eb9861b20a test: share memory manager bootstrap helper 2026-02-19 14:27:37 +00:00
Peter Steinberger 2581b67cdb refactor: share exec approval request helper 2026-02-19 14:27:37 +00:00
Peter Steinberger 3179097a1f refactor: dedupe redact snapshot restore prelude 2026-02-19 14:27:37 +00:00
Peter Steinberger ffd4e85873 refactor: share allow-from merge and sender-id checks 2026-02-19 14:27:37 +00:00
Peter Steinberger ba538c98c7 refactor: share plain object guard across config and utils 2026-02-19 14:27:36 +00:00
Peter Steinberger 397f243ded refactor: dedupe gateway session guards and agent test fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger a99fd8f2dd refactor: reuse daemon action response type in lifecycle core 2026-02-19 14:27:36 +00:00
Peter Steinberger 672b1c5084 refactor: dedupe slack monitor mrkdwn and modal event base 2026-02-19 14:27:36 +00:00
Peter Steinberger cb6b835a49 test: dedupe heartbeat and action-runner fixtures 2026-02-19 14:27:36 +00:00
Peter Steinberger 26c9b37f5b fix(security): enforce strict IPv4 SSRF literal handling 2026-02-19 15:24:47 +01:00
Peter Steinberger 77c748304b refactor(plugins): extract safety and provenance helpers 2026-02-19 15:24:14 +01:00
Peter Steinberger 775816035e fix(security): enforce trusted sender auth for discord moderation 2026-02-19 15:18:24 +01:00
Peter Steinberger baa335f258 fix(security): harden SSRF IPv4 literal parsing 2026-02-19 15:14:46 +01:00
Peter Steinberger 3561442a9f fix(plugins): harden discovery trust checks 2026-02-19 15:14:12 +01:00
Peter Steinberger 5dc50b8a3f fix(security): harden npm plugin and hook install integrity flow 2026-02-19 15:11:25 +01:00
Peter Steinberger 2777d8ad93 refactor(security): unify gateway scope authorization flows 2026-02-19 15:06:38 +01:00
Peter Steinberger f4b288b8f7 refactor(feishu): dedupe mention regex escaping 2026-02-19 15:04:40 +01:00
Peter Steinberger b54ba3391b fix: credit contributor in changelog (#20916) (thanks @orlyjamie) 2026-02-19 15:00:10 +01:00
Peter Steinberger 29118995ad refactor(lobster): remove lobsterPath overrides 2026-02-19 14:58:13 +01:00
Peter Steinberger f8b61bb4ed refactor(acp): split session tests and share rate limiter 2026-02-19 14:55:06 +01:00
Peter Steinberger 19348050be style: normalize acp translator import ordering 2026-02-19 13:54:40 +00:00
Peter Steinberger 7a89049d1d refactor: dedupe pending pairing request flow and add reuse tests 2026-02-19 13:54:35 +00:00
Peter Steinberger d900d5efbd style: normalize ws message handler import ordering 2026-02-19 13:51:53 +00:00
Peter Steinberger 79ab4927c1 test: dedupe extracted-size budget assertions in archive tests 2026-02-19 13:51:53 +00:00
Peter Steinberger 7426848913 test(feishu): add mention regex injection regressions 2026-02-19 14:51:41 +01:00
Jamie 7e67ab75cc fix(feishu): escape regex metacharacters in stripBotMention 2026-02-19 14:51:41 +01:00
    stripBotMention() passed mention.name and mention.key directly into
    new RegExp() without escaping, allowing regex injection and ReDoS via
    crafted Feishu mention metadata. extractMessageBody() in mention.ts
    already escapes correctly — this applies the same pattern.

    Ref: GHSA-c6hr-w26q-c636
Peter Steinberger e01011e3e4 fix(acp): harden session lifecycle against flooding 2026-02-19 14:50:17 +01:00
Peter Steinberger 4ddc4dfd76 test: dedupe fetch cleanup-throw signal harness 2026-02-19 13:50:07 +00:00
Peter Steinberger 0bda0202fd fix(security): require explicit approval for device access upgrades 2026-02-19 14:49:09 +01:00
Peter Steinberger 182ffdf557 test: dedupe zai env test setup and cover blank legacy key 2026-02-19 13:48:21 +00:00
Peter Steinberger d9046f0d2a chore(deps): update dependencies to latest 2026-02-19 14:46:16 +01:00
Peter Steinberger 177654f526 refactor: dedupe APNs push send flow and add wake default test 2026-02-19 13:45:34 +00:00
Peter Steinberger 722a898f20 refactor: dedupe openclaw root traversal and add coverage 2026-02-19 13:43:31 +00:00
Peter Steinberger cf6edc6d57 docs(changelog): credit allsmog for Lobster security report 2026-02-19 14:43:03 +01:00
Peter Steinberger 758ea3c5a1 style: apply oxfmt import ordering for check 2026-02-19 14:38:55 +01:00
Peter Steinberger 08a7967936 fix(security): fail closed on gateway bind fallback and tighten canvas IP fallback 2026-02-19 14:38:55 +01:00
Peter Steinberger a40c10d3e2 fix: harden agent gateway authorization scopes 2026-02-19 14:37:56 +01:00
Peter Steinberger 165c18819e refactor(security): simplify safe-bin validation structure 2026-02-19 14:33:58 +01:00
Peter Steinberger 74c51aeb1e style: format gateway server methods 2026-02-19 13:32:58 +00:00
Peter Steinberger 7c9130f3c5 docs: require SECURITY.md before GHSA reviews 2026-02-19 14:32:19 +01:00
Peter Steinberger 268b0dc921 style: fix formatting drift in security allowlist checks 2026-02-19 13:31:01 +00:00
Peter Steinberger ff74d89e86 fix: harden gateway control-plane restart protections 2026-02-19 14:30:15 +01:00
Peter Steinberger 14b4c7fd56 refactor: dedupe provider usage auth/fetch logic and expand coverage 2026-02-19 13:28:18 +00:00
Peter Steinberger 2d485cd47a refactor(security): extract safe-bin policy and dedupe tests 2026-02-19 14:28:03 +01:00
Peter Steinberger 0e85380e56 style: format files and fix safe-bins e2e typing 2026-02-19 14:26:12 +01:00
Peter Steinberger e3e0ffd801 feat(security): audit gateway HTTP no-auth exposure 2026-02-19 14:25:56 +01:00
Peter Steinberger 808a60d3bd docs: clarify intentional network-visible canvas model in security policy 2026-02-19 14:25:41 +01:00
Peter Steinberger fec48a5006 refactor(exec): split host flows and harden safe-bin trust 2026-02-19 14:22:01 +01:00