vrr/agent-zero
2
0
Fork 0
mirror of https://github.com/agent0ai/agent-zero.git synced 2026-05-19 07:59:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
agent-zero/tests
History
Alessandro b73da881c6 Upgrade FastMCP to 3.2.4 / MCP to 1.27.0 for CVE-2026-32871 
Bump FastMCP from 2.13.1 to 3.2.4 and MCP from 1.22.0 to 1.27.0
to remediate CVE-2026-32871 (GHSA-vv7q-7jx5-f767), as flagged by
Docker Scout.

Add a regression test covering OpenAPI path-parameter escaping so
malicious values like ../../../admin/delete-all? remain percent-encoded
under the intended route prefix instead of resolving to a different
backend path.

Validation:
- smoke-tested Agent Zero MCP initialization against fastmcp 3.2.4 + mcp 1.27.0
- PYTHONPATH=/tmp/agent-zero-testdeps python3 -m pytest tests/test_fastmcp_openapi_security.py -q

Refs:
- CVE-2026-32871
- Docker Scout: https://scout.docker.com/vulnerabilities/id/CVE-2026-32871
- GitHub advisory: https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767
- Related upstream issue: https://github.com/agent0ai/agent-zero/issues/1526
2026-04-16 15:21:01 +02:00
..
chunk_parser_test.py File Tree: Fixed other tests to make full test suite functional 2025-11-09 15:13:04 +01:00
email_parser_test.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
rate_limiter_test.py projects continued 2025-11-03 16:17:12 +01:00
test_browser_agent_regressions.py refactor: extract browser agent into built-in plugin 2026-03-23 15:21:57 +01:00
test_default_prompt_budget.py prompts: adopt compact defaults and rebalance guidance 2026-03-30 21:44:20 +02:00
test_dirty_json.py stop tool dispatch at first completed json object 2026-04-03 16:56:21 +02:00
test_docker_release_plan.py Add automatic Docker builds when release tags reach testing/main branches 2026-03-26 08:22:18 +01:00
test_extensions_stress.py refactor: improve caching system and optimize extension/plugin path resolution 2026-03-18 12:40:33 +01:00
test_fasta2a_client.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_fastmcp_openapi_security.py Upgrade FastMCP to 3.2.4 / MCP to 1.27.0 for CVE-2026-32871 2026-04-16 15:21:01 +02:00
test_file_tree_visualize.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_git_version_label.py Add latest selector option to self-update with branch head resolution for testing/development and newest tag resolution for main 2026-03-26 10:44:12 +01:00
test_http_auth_csrf.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_model_config_api_keys.py ux: onboarding flow prototype 2026-03-27 18:46:09 +01:00
test_multi_tab_isolation.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_persist_chat_log_ids.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_print_style.py Sanitize print logs; refactor popular plugin logic 2026-03-30 11:50:59 +02:00
test_run_ui_config.py WebSocket merge 2026-02-01 16:07:45 +01:00
test_self_update_tag_filter.py fix: apply btn-field class to disabled update buttons in self-update modal 2026-03-31 15:29:51 +02:00
test_settings_developer_sections.py Settings polishing, logout button 2026-02-05 22:02:49 +01:00
test_snapshot_parity.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_snapshot_schema_v1.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
test_socketio_library_semantics.py WebSocket merge 2026-02-01 16:07:45 +01:00
test_socketio_unknown_namespace.py WebSocket merge 2026-02-01 16:07:45 +01:00
test_state_monitor.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_state_sync_handler.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_state_sync_welcome_screen.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_stream_tool_early_stop.py stop tool dispatch at first completed json object 2026-04-03 16:56:21 +02:00
test_webui_extension_surfaces.py ui: plus menu for additional chat actions 2026-03-26 11:55:14 +01:00
test_whatsapp_bridge_manager.py Squashed commit of the following: 2026-03-31 09:47:25 +02:00
test_whatsapp_number_utils.py Squashed commit of the following: 2026-03-31 09:47:25 +02:00
test_whatsapp_storage_paths.py Squashed commit of the following: 2026-03-31 09:47:25 +02:00
test_ws_client_api_surface.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_ws_csrf.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_ws_handlers.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00
test_ws_manager.py fix: resolve option whitelist, memory leak, task tracking, and dispatch unification 2026-03-27 01:21:45 -07:00
test_ws_security.py Rebuild test suite & update documentation 2026-03-26 01:12:22 -07:00