github Vexa-ai/vexa v0.10.1
v0.10.1 — OSS security hardening
on GitHub

latest release: v0.10.2
3 hours ago

Security patch release on top of v0.10 — closes two reporter-filed CVEs and lands 6 upstream-hardening packs.

CVEs closed

CVE Severity Advisory Reporter
CVE-2026-25058 HIGH (7.5) Unauthenticated internal transcript endpoint exposed by default Ariel Silver (@SilverPlate3)
CVE-2026-25883 MED (5.8) SSRF in the Vexa webhook feature Ariel Silver (@SilverPlate3)

Both reports were filed 2026-01-28/29 under a 60-day coordinated disclosure embargo. Fix-and-publish in this release.

Hardening packs

  • Pack Ameeting-api GET /internal/transcripts/{id} now requires X-Internal-Secret (fail-closed admin-api pattern; 503 if INTERNAL_API_SECRET unset and DEV_MODE=false). Closes CVE-2026-25058.
  • Pack B — webhook SSRF regression guard: 20+ URL pytest matrix (cloud metadata, RFC1918, IPv6 ULA/link-local, multicast, internal Docker hostnames, non-http schemes). validate_webhook_url was shipped earlier; this locks it in so a future refactor cannot silently drop it.
  • Pack C.1 — explicit h11>=0.16.0 pin across every Python service's requirements (10 files). Closes transitive CVE-2025-43859 (HTTP/1.1 pipelined response-header leak). httpx>=0.28.1 bumped where needed to satisfy the h11 constraint.
  • Pack C.2docs_url / redoc_url / openapi_url env-gated on VEXA_ENV across 9 FastAPI services. Default-deny on VEXA_ENV=production; on in development / staging.
  • Pack D — CDP WebSocket proxy:
    • webSocketDebuggerUrl rewrite preserves the inbound scheme via X-Forwarded-Proto (emits wss:// behind HTTPS gateways, not ws://).
    • Bare /b/{token}/cdp accepted as a first-class route (no more 307 scheme-downgrade via FastAPI's default redirect_slashes=True).
    • Unblocks Playwright chromium.connectOverCDP() against hosted deployments. See #122.
  • Pack E.1basic-ftp bumped 5.0.5 → 5.3.0 in both services/vexa-bot/ lockfiles. Closes GHSA-6v7q-wjvx-w8wg (CRLF injection), GHSA-chqc-8p9q-pq6q (CRLF injection), GHSA-rp42-5vxx-qpwr (DoS).

Infrastructure

  • deploy/compose/docker-compose.yml + deploy/helm/charts/vexa/templates/deployment-meeting-api.yaml both pass INTERNAL_API_SECRET into the meeting-api container; helm reads from the existing admin-token secret.

PRs

  • #214 (security/260419-oss-securitydev) — the main work
  • #215 (devmain) — release

Upgrade

docker compose pull && docker compose up -d --force-recreate
# or pin explicitly:
IMAGE_TAG=v0.10.1 docker compose up -d --force-recreate

vexaai/*:latest already points here.

Credit

Huge thanks to Ariel Silver for the detailed reports, the CVSS analysis, and for the extended patience through the release cycle.

Check out latest releases or
releases around Vexa-ai/vexa v0.10.1

Don't miss a new vexa release

NewReleases is sending notifications on new releases.

Get notifications