From 0ffa7bf720259f2ee4d2edf9037b6406d4da85cc Mon Sep 17 00:00:00 2001 From: Hunter Bown Date: Fri, 8 May 2026 18:58:01 -0500 Subject: [PATCH] docs(changelog): credit security disclosure across 0.8.22 + 0.8.23 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds a Security bullet to v0.8.23 for the run_tests approval-policy change, and credits @47Cid as the reporter on both the v0.8.22 fetch_url hardening and the v0.8.23 run_tests hardening. Neutral language — no attack-vector detail. --- CHANGELOG.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0ff9ec9..05e3846f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,8 @@ fixes uncovered during follow-up review. with recent advisories. - **MCP config paths reject traversal** - `load_config`/`save_config` now refuse paths containing `..` components. +- **Hardened `run_tests` approval policy.** Thanks to **@47Cid** for the + responsible disclosure. ### Fixed @@ -86,18 +88,12 @@ fixes uncovered during follow-up review. ## [0.8.22] - 2026-05-08 -A focused security release: validate redirected `fetch_url` targets before -following them so a server-controlled redirect cannot bypass per-domain -network policy or steer the client at private/link-local IPs. +A focused security release. ### Security -- **Validate redirected fetch targets** - the URL the redirect points to is - re-evaluated against the network policy and SSRF guards before any second - request is issued. Previously the policy decision was made only on the - initial URL, so a server response of `Location: http://10.0.0.1/...` could - reach a private host even if `fetch_url` would have rejected the same URL - if requested directly. +- **Hardened `fetch_url` redirect handling.** Thanks to **@47Cid** for the + responsible disclosure. ## [0.8.21] - 2026-05-08
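Review bot: in the first hunk (`@@ -40,6 +40,8 @@`), the new bullet `- **Hardened `run_tests` approval policy.**` gives the reader no observable behaviour change, unlike its sibling entries (`**MCP config paths reject traversal** - `load_config`/`save_config` now refuse paths containing `..` components.`), which state what the code now does. A changelog line needs to tell an operator what changed so they can tell whether an upgrade affects them; consider adding a neutral one-clause description of the policy change (what `run_tests` now requires approval for, or which default flipped) without attack detail, and matching the surrounding `- **Title** - description` form rather than `**Title.**` with the period inside the bold.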
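Review bot: in the second hunk (`@@ -86,18 +88,12 @@`), the rewrite of the already-released `## [0.8.22]` entry removes the defender-relevant fact that redirected `fetch_url` targets are now re-evaluated against the network policy and SSRF guards before a second request, leaving only `A focused security release.` and `**Hardened `fetch_url` redirect handling.**`. Editing a published release entry after the fact also makes the changelog an unreliable record of what shipped in 0.8.22. If the concern is the concrete `Location:` example, drop that sentence alone and keep the first sentence of the original bullet (targets re-checked against policy before being followed) plus the new credit, so users who upgraded for this fix can still see what it covers.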