vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-06 08:10:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/shared
History
A fa5b4979e8
fix: upgrade SSH to StrictHostKeyChecking=accept-new (TOFU) and randomize temp paths (#849) 
- Change SSH default from StrictHostKeyChecking=no to accept-new, which
  accepts host keys on first connection but rejects if they change later
  (Trust On First Use). This protects against MITM attacks on subsequent
  connections. Requires OpenSSH 7.6+ (released Oct 2017).
- Replace predictable $$-based temp file path in upload_config_file with
  $RANDOM to prevent symlink attacks on the remote server.

Addresses findings from issue #763.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-13 02:11:47 -08:00
..
common.sh fix: upgrade SSH to StrictHostKeyChecking=accept-new (TOFU) and randomize temp paths (#849) 2026-02-13 02:11:47 -08:00
github-auth.sh feat: add standalone GitHub auth helper (shared/github-auth.sh) (#824) 2026-02-12 23:37:02 -08:00
key-request.sh feat: qa bot and emails (#565) 2026-02-11 20:19:45 -08:00