mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 13:31:37 +00:00
Security: harden sandboxed media handling (#9182)
* Message: enforce sandbox for media param * fix: harden sandboxed media handling (#8780) (thanks @victormier) * chore: format message action runner (#8780) (thanks @victormier) --------- Co-authored-by: Victor Mier <victormier@gmail.com>
This commit is contained in:
Gustavo Madeira Santana
committed by
GitHub
GitHub
parent
5e025c4ba3
commit
4434cae565
@@ -29,7 +29,7 @@ Docs: https://docs.openclaw.ai
|
||||
- Web UI: resolve header logo path when `gateway.controlUi.basePath` is set. (#7178) Thanks @Yeom-JinHo.
|
||||
- Web UI: apply button styling to the new-messages indicator.
|
||||
- Security: keep untrusted channel metadata out of system prompts (Slack/Discord). Thanks @KonstantinMirin.
|
||||
- Security: require explicit credentials for gateway URL overrides to prevent credential leakage. (#8113) Thanks @victormier.
|
||||
- Security: enforce sandboxed media paths for message tool attachments. (#9182) Thanks @victormier.
|
||||
- Voice call: harden webhook verification with host allowlists/proxy trust and keep ngrok loopback bypass.
|
||||
- Cron: accept epoch timestamps and 0ms durations in CLI `--at` parsing.
|
||||
- Cron: reload store data when the store file is recreated or mtime changes.
|
||||
|
||||
Reference in New Issue
Block a user