spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-11 13:20:05 +00:00

History

A 988f5bb7a9 fix(security): validate bun path before symlinking in install.sh (fixes #3009 ) (#3011 ) Add allowlist validation for the bun binary path resolved via `command -v bun` before using it in symlink operations that may run with sudo privileges. If bun is found at an unexpected location, skip the symlink and warn the user. This prevents a privilege escalation attack where a malicious binary on PATH could be symlinked to /usr/local/bin/bun with elevated privileges. Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-03-26 05:37:45 -07:00
..
aws	docs: add missing agent entries to all cloud READMEs (#2494 )	2026-03-11 05:49:50 -04:00
cli	fix(security): validate bun path before symlinking in install.sh (fixes #3009 ) (#3011 )	2026-03-26 05:37:45 -07:00
digitalocean	fix(do): skip _run_with_restart in headless mode to prevent duplicate droplets (#2805 )	2026-03-19 16:12:25 -07:00
docker	feat: add junie Dockerfile for Docker image builds (#2601 )	2026-03-13 19:40:51 -07:00
e2e	fix(e2e): improve interactive harness failure logging (#2951 )	2026-03-24 08:45:19 -07:00
gcp	feat(gcp): default boot disk to 40 GB, configurable via GCP_DISK_SIZE (#2867 )	2026-03-22 11:21:05 +07:00
hetzner	docs: add missing agent entries to all cloud READMEs (#2494 )	2026-03-11 05:49:50 -04:00
local	docs: add missing agent entries to all cloud READMEs (#2494 )	2026-03-11 05:49:50 -04:00
shared	fix: add sprite-keep-running.sh, remove Hetzner from Packer, cleanup on cancel (#2869 )	2026-03-22 18:13:38 +00:00
sprite	docs: add missing agent entries to all cloud READMEs (#2494 )	2026-03-11 05:49:50 -04:00
test	fix: add ai-review.sh to bash -n syntax check list in e2e-lib.sh (#3005 )	2026-03-26 03:12:07 -07:00