farcasclaudiu/openclaw
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/openclaw.git synced 2026-06-29 01:02:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

docs(changelog): note gateway /approve scope fix

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 22:13:29 +01:00
parent 6a1ad2b499
commit 0b20ee2722
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+1
View File
@@ -525,6 +525,7 @@ Docs: https://docs.openclaw.ai
- Security: enforce access-group gating for Slack slash commands when channel type lookup fails. - Security: enforce access-group gating for Slack slash commands when channel type lookup fails.
- Security: require validated shared-secret auth before skipping device identity on gateway connect. - Security: require validated shared-secret auth before skipping device identity on gateway connect.
- Security: guard skill installer downloads with SSRF checks (block private/localhost URLs). - Security: guard skill installer downloads with SSRF checks (block private/localhost URLs).
- Security/Gateway: require `operator.approvals` for in-chat `/approve` when invoked from gateway clients. Thanks @yueyueL.
- Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek. - Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek.
- Discord: route autoThread replies to existing threads instead of the root channel. (#8302) Thanks @gavinbmoore, @thewilloftheshadow. - Discord: route autoThread replies to existing threads instead of the root channel. (#8302) Thanks @gavinbmoore, @thewilloftheshadow.
- Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly. - Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly.