Skip to content

v0.2.2

Choose a tag to compare

View all tags
@github-actions github-actions released this 26 Feb 14:59
· 23 commits to main since this release
v0.2.2
e743fbb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • e6f6ae3: Hardened CLI security in three areas without changing intended workflows:

    • Block extension deploy path traversal by validating handle and source stay within the extension workspace.
    • Quote and escape generated .env values to prevent newline/comment-based env injection.
    • Restrict truncation full_output dump permissions to owner-only (0700 dir, 0600 files).

    Also adds regression tests covering these protections.

Assets 2
Loading