fix(archive): enforce extraction resource limits

Peter Steinberger
2026-02-14 15:30:05 +01:00
parent c8424bf29a
commit d3ee5deb87
3 changed files with 200 additions and 39 deletions
@@ -13,6 +13,7 @@ Docs: https://docs.openclaw.ai
- Security: fix Chutes manual OAuth login state validation (thanks @aether-ai-agent). (#16058)
- macOS: hard-limit unkeyed `openclaw://agent` deep links and ignore `deliver` / `to` / `channel` unless a valid unattended key is provided. Thanks @Cillian-Collins.
- Security/Google Chat: deprecate `users/<email>` allowlists (treat `users/...` as immutable user id only); keep raw email allowlists for usability. Thanks @vincentkoc.
- Security/Archive: enforce archive extraction entry/size limits to prevent resource exhaustion from high-expansion ZIP/TAR archives. Thanks @vincentkoc.
## 2026.2.14
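Review bot: The Security/Archive changelog line says entry/size limits are now enforced but states neither the limit values nor what happens when an archive exceeds them, and unlike the Chutes OAuth entry at the top of the hunk it carries no issue or PR number. Suggest naming the default limits, saying whether they are configurable and whether an over-limit archive is rejected outright or partially extracted, and adding the reference, so that operators who see extraction failures after upgrading can trace them to this change.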