fix(macos): harden openclaw deep links

Peter Steinberger
2026-02-14 14:53:20 +01:00
parent 644bef157a
commit 28d9dd7a77
5 changed files with 139 additions and 8 deletions
@@ -6,6 +6,12 @@ Docs: https://docs.openclaw.ai
### Fixes
- macOS: hard-limit unkeyed `openclaw://agent` deep links and ignore `deliver` / `to` / `channel` unless a valid unattended key is provided. Thanks @Cillian-Collins.
## 2026.2.14
### Fixes
- Security/Skills: harden archive extraction for download-installed skills to prevent path traversal outside the target directory. Thanks @markmusson.
- Security/Signal: harden signal-cli archive extraction during install to prevent path traversal outside the install root.
- Security/Hooks: restrict hook transform modules to `~/.openclaw/hooks/transforms` (prevents path traversal/escape module loads via config). Config note: `hooks.transformsDir` must now be within that directory. Thanks @akhmittra.
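Review bot: the macOS entry at the top of this hunk is not tagged `Security/` the way the neighbouring hardening entries are (`Security/Skills`, `Security/Signal`, `Security/Hooks`), so anyone scanning the changelog for security fixes will miss it; consider `Security/macOS:`. The entry also says "hard-limit" without stating what is limited, and it does not say where a "valid unattended key" comes from. The Hooks entry carries a config note, and a similar one here would tell users whose `openclaw://agent` links rely on `deliver` / `to` / `channel` what they need to change.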