fix(security): harden SSH target handling (#4001)

Thanks @YLChen-007. Co-authored-by: Edward-x <YLChen-007@users.noreply.github.com>
2026-06-29 01:02:03 +03:00 · 2026-01-29 16:33:36 +00:00
parent 4b5514a259
commit 06289b36da
8 changed files with 82 additions and 5 deletions
@@ -6,6 +6,7 @@ Docs: https://docs.molt.bot
 Status: beta.

 ### Changes
+- Security: harden SSH tunnel target parsing to prevent option injection/DoS. (#4001) Thanks @YLChen-007.
 - Rebrand: rename the npm package/CLI to `moltbot`, add a `moltbot` compatibility shim, and move extensions to the `@moltbot/*` scope.
 - Commands: group /help and /commands output with Telegram paging. (#2504) Thanks @hougangdev.
 - macOS: limit project-local `node_modules/.bin` PATH preference to debug builds (reduce PATH hijacking risk).