openclaw

mirror of https://github.com/openclaw/openclaw.git synced 2026-05-29 23:35:05 +00:00

Author	SHA1	Message	Date
Shadow	a7a9a3d3c8	fix: allowlist Discord CDN hostnames for SSRF media (#33275 ) (thanks @thewilloftheshadow) (#33275 )	2026-03-03 11:17:27 -06:00
Shadow	d493861c16	fix: discord mention handling (#33224 ) (thanks @thewilloftheshadow) (#33224 )	2026-03-03 10:32:22 -06:00
Peter Steinberger	9d30159fcd	refactor: dedupe channel and gateway surfaces	2026-03-02 19:57:33 +00:00
Peter Steinberger	25b731c34a	fix: harden discord media fallback regressions (#28906 ) (thanks @Sid-Qin)	2026-03-02 03:05:12 +00:00
SidQin-cyber	0a67033fe3	fix(discord): keep attachment metadata when media fetch is blocked Preserve inbound attachment/sticker metadata in Discord message context when media download fails (for example due to SSRF blocking), so agents still see file references instead of silent drops. Closes #28816	2026-03-02 03:05:12 +00:00
Sid	39a45121d9	fix(discord,slack): add SSRF policy for media downloads in proxy environments (#25475 ) * fix(discord,slack): add SSRF policy for media downloads in proxy environments Discord and Slack media downloads (attachments, stickers, forwarded images) call fetchRemoteMedia without any ssrfPolicy. When running behind a local transparent proxy (Clash, mihomo, Shadowrocket) in fake-ip mode, DNS returns virtual IPs in the 198.18.0.0/15 range, which the SSRF guard blocks. Add per-channel SSRF policy constants—matching the pattern already applied to Telegram on main—that allowlist known CDN hostnames and set allowRfc2544BenchmarkRange: true. Refs #25355, #25322 Co-authored-by: Cursor <cursoragent@cursor.com> * chore(slack): keep raw-fetch allowlist line anchors stable --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>	2026-03-01 11:30:10 -06:00
Shakker	a0a229a3bb	Discord: align embed fallback in thread starter parsing	2026-02-25 23:58:42 +00:00
User	39cc547f74	fix(discord): include embed title in fallback text (#26907 )	2026-02-25 23:58:42 +00:00
Peter Steinberger	97e56cb73c	fix(discord): land proxy/media/reaction/model-picker regressions Reimplements core Discord fixes from #25277 #25523 #25575 #25588 #25731 with expanded tests. - thread proxy-aware fetch into inbound attachment/sticker downloads - fetch /gateway/bot via proxy dispatcher before ws connect - wire statusReactions emojis/timing overrides into controller - compact model-picker custom_id keys with backward-compatible parsing Co-authored-by: openperf <openperf@users.noreply.github.com> Co-authored-by: chilu18 <chilu18@users.noreply.github.com> Co-authored-by: Yipsh <Yipsh@users.noreply.github.com> Co-authored-by: lbo728 <lbo728@users.noreply.github.com> Co-authored-by: s1korrrr <s1korrrr@users.noreply.github.com>	2026-02-25 00:03:30 +00:00
Peter Steinberger	1e1851a991	test(discord): use lightweight clears for media utility mocks	2026-02-22 07:35:54 +00:00
Peter Steinberger	73d93dee64	fix: enforce inbound media max-bytes during remote fetch	2026-02-21 23:02:29 +01:00
Shadow	1eec2aee4f	Discord: ingest inbound stickers	2026-02-20 16:47:47 -06:00
Peter Steinberger	a1cb700a05	test: dedupe and optimize test suites	2026-02-19 15:19:38 +00:00
Peter Steinberger	b099171db5	perf(test): dedupe slow discord monitor cases	2026-02-18 04:04:04 +00:00
cpojer	f2f17bafbc	chore: Fix types in tests 30/N.	2026-02-17 14:32:57 +09:00
pip-nomel	1567d6cbb4	feat(discord): download attachments from forwarded messages (#17049 ) Co-authored-by: Shadow <shadow@openclaw.ai>	2026-02-16 15:23:40 -06:00
Shakker	09566b1693	fix(discord): preserve channel session keys via channel_id fallbacks (#17622 ) * fix(discord): preserve channel session keys via channel_id fallbacks * docs(changelog): add discord session continuity note * Tests: cover discord channel_id fallback --------- Co-authored-by: Shadow <hi@shadowing.dev>	2026-02-15 20:30:17 -06:00

17 Commits