spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 03:49:31 +00:00

History

A 3978ff6d4d fix: apply validateLaunchCmd to manifest fallback path in connect.ts (#2455 ) Security: the manifest-derived fallback path in connect.ts bypassed the validateLaunchCmd() allowlist that guards history-derived commands. A malicious or modified manifest.json cache could inject arbitrary commands executed on the remote VM via SSH. Fixes #2453 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-03-10 15:28:00 -04:00
..
cli	fix: apply validateLaunchCmd to manifest fallback path in connect.ts (#2455 )	2026-03-10 15:28:00 -04:00
shared	refactor: restore @openrouter/spawn-shared workspace package (#2405 )	2026-03-09 17:14:26 -07:00

fix: apply validateLaunchCmd to manifest fallback path in connect.ts (#2455 )

Security: the manifest-derived fallback path in connect.ts bypassed the
validateLaunchCmd() allowlist that guards history-derived commands. A
malicious or modified manifest.json cache could inject arbitrary commands
executed on the remote VM via SSH.

Fixes #2453

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-03-10 15:28:00 -04:00

cli

fix: apply validateLaunchCmd to manifest fallback path in connect.ts (#2455 )

2026-03-10 15:28:00 -04:00

shared

refactor: restore @openrouter/spawn-shared workspace package (#2405 )

2026-03-09 17:14:26 -07:00