Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openclaw/src
History
aether-ai-agent 749e28dec7 fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02) 
Two critical RCE vectors patched:

Vector 1 - Gateway HTTP /tools/invoke:
- Add DEFAULT_GATEWAY_HTTP_TOOL_DENY blocking sessions_spawn,
  sessions_send, gateway, whatsapp_login from HTTP invocation
- Apply deny filter after existing policy cascade, before tool lookup
- Add gateway.tools.{allow,deny} config override in GatewayConfig

Vector 2 - ACP client auto-approval:
- Replace blind allow_once selection with danger-aware permission handler
- Dangerous tools (exec, sessions_spawn, etc.) require interactive confirmation
- Safe tools retain auto-approve behavior (backward compatible)
- Empty options array now denied (was hardcoded "allow")
- 30s timeout auto-denies to prevent hung sessions

CWE-78 | CVSS:3.1 9.8 Critical
2026-02-13 14:30:06 +01:00
..
acp
fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02)
2026-02-13 14:30:06 +01:00
agents
fix: land multi-agent session path fix + regressions (#15103) (#15448)
2026-02-13 14:17:24 +01:00
auto-reply
fix: land multi-agent session path fix + regressions (#15103) (#15448)
2026-02-13 14:17:24 +01:00
browser
fix(browser): hide navigator.webdriver from reCAPTCHA v3 detection (openclaw#10735) thanks @Milofax
2026-02-12 20:16:28 -06:00
canvas-host
fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (#4824)
2026-02-07 22:16:59 -05:00
channels
fix(outbound): return error instead of silently redirecting to allowList[0] (#13578)
2026-02-13 05:20:03 +01:00
cli
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
commands
test: add pickAsset unit tests for architecture-aware signal-cli install
2026-02-13 14:25:26 +01:00
compat
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
config
fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02)
2026-02-13 14:30:06 +01:00
cron
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
daemon
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
discord
Discord: honor Administrator in permission checks
2026-02-12 19:53:22 -06:00
docs
Docs: landing page revamp (#8885)
2026-02-04 10:37:14 -05:00
gateway
fix(security): block dangerous tools from HTTP gateway and fix ACP auto-approval (OC-02)
2026-02-13 14:30:06 +01:00
hooks
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
imessage
fix(auto-reply): prevent sender spoofing in group prompts
2026-02-10 00:44:38 -06:00
infra
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
line
fix(auto-reply): prevent sender spoofing in group prompts
2026-02-10 00:44:38 -06:00
link-understanding
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
logging
Browser/Logging: share default openclaw tmp dir resolver
2026-02-12 16:44:04 -05:00
macos
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
markdown
feat(telegram): render blockquotes as native <blockquote> tags (#14608) (#14626)
2026-02-12 08:11:57 -05:00
media
fix: harden OpenResponses URL input fetching
2026-02-13 01:38:49 +01:00
media-understanding
fix: fix: transcribe audio before mention check in groups with requireMention (openclaw#9973) thanks @mcinteerj
2026-02-12 09:58:01 -06:00
memory
(fix): handle Cloudflare 521 and transient 5xx errors gracefully (#13500)
2026-02-11 21:42:33 -06:00
node-host
fix: prevent act:evaluate hangs from getting browser tool stuck/killed (#13498)
2026-02-11 07:54:48 +08:00
pairing
fix(pairing): use actual code in pairing approval text
2026-02-10 19:48:02 -05:00
plugin-sdk
Update contributing, deduplicate more functions
2026-02-09 19:21:33 -08:00
plugins
CLI: add plugins uninstall command (#5985) (openclaw#6141) thanks @JustasMonkev
2026-02-12 20:11:26 -06:00
process
fix(gateway): drain active turns before restart to prevent message loss (#13931)
2026-02-12 07:55:19 -06:00
providers
chore: Fix failing test.
2026-02-09 09:58:58 +09:00
routing
fix: add discord role allowlists (#10650) (thanks @Minidoracat)
2026-02-12 19:52:24 -06:00
scripts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
security
fix(security): distinguish webhooks from internal hooks in audit summary (#13474)
2026-02-13 04:46:27 +01:00
sessions
fix: preserve inter-session input provenance (thanks @anbecker)
2026-02-13 02:02:01 +01:00
shared/text
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
signal
Signal: satisfy lint
2026-02-12 14:37:55 -08:00
slack
fix(slack): populate thread session with existing thread history (#7610)
2026-02-13 05:51:04 +01:00
telegram
test: stabilize telegram media timing tests
2026-02-13 02:13:15 +01:00
terminal
fix(onboarding): exit cleanly after web ui hatch
2026-02-13 03:20:32 +01:00
test-helpers
fix: use STATE_DIR instead of hardcoded ~/.openclaw for identity and canvas (#4824)
2026-02-07 22:16:59 -05:00
test-utils
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
tts
fix(tts): strip markdown before sending text to TTS engines (#13237)
2026-02-12 10:46:57 -05:00
tui
Centralize date/time formatting utilities (#11831)
2026-02-08 04:53:31 -08:00
types
fix: update pi packages to 0.51.0, remove bogus type augmentation
2026-02-02 01:52:33 +01:00
utils
refactor: consolidate fetchWithTimeout into shared utility
2026-02-09 20:34:56 -08:00
web
perf(test): optimize heavy suites and stabilize lock timing
2026-02-13 13:29:07 +00:00
whatsapp
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
wizard
test: speed up test suite and trim redundant onboarding tests
2026-02-13 04:30:48 +00:00
channel-web.barrel.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
channel-web.ts
docker-setup.test.ts
fix(tts): strip markdown before sending text to TTS engines (#13237)
2026-02-12 10:46:57 -05:00
entry.ts
Centralize date/time formatting utilities (#11831)
2026-02-08 04:53:31 -08:00
extensionAPI.ts
chore: Migrate to tsdown, speed up JS bundling by ~10x (thanks @hyf0).
2026-02-03 20:18:16 +09:00
globals.test.ts
globals.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
index.test.ts
index.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
logger.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
logger.ts
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
2026-01-31 16:19:20 +09:00
logging.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
polls.test.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
polls.ts
runtime.ts
CLI: restore terminal state on exit
2026-02-03 06:10:19 +00:00
utils.test.ts
fix(paths): structurally resolve home dir to prevent Windows path bugs (#12125)
2026-02-08 20:06:29 -05:00
utils.ts
Deduplicate more
2026-02-09 18:56:58 -08:00
version.test.ts
fix: CLI harden update restart imports and fix nested bundle version resolution
2026-02-06 00:09:48 -05:00
version.ts
fix: CLI harden update restart imports and fix nested bundle version resolution
2026-02-06 00:09:48 -05:00