spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-20 01:11:18 +00:00

History

A 3b61c22f25 fix(security): validate script templates before base64 encoding (#3132 ) Add pre-encoding validation to reject ${} interpolation patterns in script template strings before they are base64-encoded and injected into systemd services running with root privileges on remote VMs. Defense-in-depth against future regressions where template variable interpolation before encoding could allow command injection. Fixes #3130 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-04-01 10:15:20 +07:00
..
cli	fix(security): validate script templates before base64 encoding (#3132 )	2026-04-01 10:15:20 +07:00
shared	fix: rethrow normalized Error in tryCatchIf/asyncTryCatchIf (#2930 )	2026-03-23 19:33:05 -07:00

fix(security): validate script templates before base64 encoding (#3132 )

Add pre-encoding validation to reject ${} interpolation patterns in
script template strings before they are base64-encoded and injected
into systemd services running with root privileges on remote VMs.

Defense-in-depth against future regressions where template variable
interpolation before encoding could allow command injection.

Fixes #3130

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-04-01 10:15:20 +07:00

cli

fix(security): validate script templates before base64 encoding (#3132 )

2026-04-01 10:15:20 +07:00

shared

fix: rethrow normalized Error in tryCatchIf/asyncTryCatchIf (#2930 )

2026-03-23 19:33:05 -07:00