Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20,309 Commits 756 Branches 79 Tags
Commit Graph

9 Commits

Author SHA1 Message Date
Andrew Demczuk
089a43f5e8
fix(security): block build-tool and glibc env injection vectors in host exec sandbox (#49702) 
Add GLIBC_TUNABLES, MAVEN_OPTS, SBT_OPTS, GRADLE_OPTS, ANT_OPTS,
DOTNET_ADDITIONAL_DEPS to blockedKeys and GRADLE_USER_HOME to
blockedOverrideKeys in the host exec security policy.

Closes #22681
 2026-03-18 13:11:01 +01:00
Andrew Demczuk
f84a41dcb8
fix(security): block JVM, Python, and .NET env injection vectors in host exec sandbox (#49025) 
Add JAVA_TOOL_OPTIONS, _JAVA_OPTIONS, JDK_JAVA_OPTIONS, PYTHONBREAKPOINT, and
DOTNET_STARTUP_HOOKS to blockedKeys in the host exec security policy.

Closes #22681
 2026-03-17 15:37:55 +01:00
Vincent Koc
1dcef7b644
Infra: block GIT_EXEC_PATH in host env sanitizer (#43685) 
* Infra: block GIT_EXEC_PATH in host env sanitizer

* Changelog: note host env hardening
 2026-03-12 01:16:03 -04:00
Peter Steinberger
e27bbe4982 fix(exec): block dangerous override-only env pivots 2026-03-07 19:18:05 +00:00
Peter Steinberger
9a4b2266cc fix(security): bind node system.run approvals to env 2026-02-26 16:38:07 +01:00
Peter Steinberger
e80c803fa8 fix(security): block shell env allowlist bypass in system.run 2026-02-22 12:47:05 +01:00
Peter Steinberger
c2c7114ed3 fix(security): block HOME and ZDOTDIR env override injection 2026-02-22 09:42:55 +01:00
Peter Steinberger
25e89cc863 fix(security): harden shell env fallback 2026-02-21 20:01:08 +01:00
Peter Steinberger
f202e73077 refactor(security): centralize host env policy and harden env ingestion 2026-02-21 13:04:39 +01:00