[v1.120.0] - 2026-07-11
New Features
- Added Solarized Dark and Solarized Light TUI themes, by @tigris.
- Added pruning of cross-namespace dependencies: when running a subset of namespaces, a
depends_onreference to a process from an unselected namespace is dropped (with a warning) so the selected processes can start, and the namespace selection now persists across project updates and reloads instead of resurrecting excluded processes, addresses issue #517. - Added debug logging of the exec probe command during health checks - once when probing starts and on probe failures, addresses issue #454.
- Added a notice when requesting CLI logs for an interactive process, whose PTY-rendered output is not captured in the log buffer, addresses issue #511.
Bug Fixes
- Fixed the TUI log viewer mangling log lines containing bracketed text with punctuation or spaces, which was misinterpreted as tview region tags, addresses issue #515.
- Fixed incorrect line wrapping of interactive process output by deferring terminal initialization until the TUI layout is settled and the pane size is known, addresses issue #512.
Security Fixes
- Fixed a DNS-rebinding vulnerability (GHSA-5gm3-9crp-6g3v) in the MCP SSE transport: the SSE listener now validates the
HostandOriginheaders (loopback plus optionaltrusted_hosts) and, when an API token is configured, enforces it viaX-PC-Token-KeyorAuthorization: Bearerbefore dispatching any MCP request.
Changelog
- f9ed11f Add Solarized Dark theme
- d48e7fb Add Solarized Light theme
- 3347f54 Merge branch 'main' of github.com:F1bonacc1/process-compose
- d51d361 Merge branch 'security/GHSA-5gm3-9crp-6g3v'
- d56aa59 Merge pull request #514 from tigris/solarized-themes
- 0f3a8e6 chore: bump version to 1.120.0 and update release notes
- 9080b11 feat: add notice for interactive processes when requesting logs via CLI and clarify behavior in documentation addresses #511
- 1766c94 feat: implement deferred terminal initialization to prevent incorrect line wrapping during TUI layout addresses #512
- e429fa3 feat: log execution probe commands once during health checks addresses #454
- c8642c1 feat: prune cross-namespace dependencies for filtered processes and persist admission policies during updates addresses #517
- 6ffa74f fix(mcp): add Host/Origin/auth trust boundary to SSE listener (GHSA-5gm3-9crp-6g3v)
- 4d964d6 fix: update tview tag regex to correctly escape region tags containing punctuation and spaces addresses #515