RightNow-AI/openfang v0.6.9

v0.6.9 — security patches

on GitHub

Security patches (RUSTSEC advisories that broke v0.6.8 CI):

• rustls-webpki 0.103.10 → 0.103.13:
  • RUSTSEC-2026-0104 — reachable panic in CRL parsing
  • RUSTSEC-2026-0098 — name constraints for URI names incorrectly accepted
  • RUSTSEC-2026-0099 — wildcard name constraints accepted incorrectly
• wasmtime 43.0.1 → 43.0.2:
  • RUSTSEC-2026-0114 — panic allocating a table exceeding host address space

Maintenance:

• cargo fmt applied workspace-wide (CI Format gate green)

All v0.6.8 fixes carried forward:

• #1097 workspace state_dir split
• #1085 dashboard WS auth aligned with HTTP middleware
• #1038 skill_list / skill_describe / skill_execute agent tools
• #995 Requesty provider added
• #1154 OLLAMA_HOST / LMSTUDIO_HOST env override
• #1170 require_signed wired through POST /api/skills/install
• #1174 POST /api/audit/append endpoint
• #1172 HAND.toml SHA-256 to Merkle audit chain
• #780 Telegram message_thread_id routing
• Codex installer findings: CRLF/BOM, package.json, symlink, TOCTOU all closed