github Yeachan-Heo/oh-my-claudecode v3.7.2
v3.7.2 - Security Hardening
on GitHub

latest releases: v4.13.6, v4.13.5, v4.13.4...
3 months ago

Security Hardening

Extended Shell Injection Prevention (#146)

  • DANGEROUS_SHELL_CHARS now blocks additional dangerous characters:
    • \r (carriage return), \t (tab), \0 (null byte)
    • {} (brace expansion), [] (bracket globs)
    • *? (wildcards), ~ (tilde expansion)
    • ! (history expansion), # (comment injection)
  • Quotes intentionally allowed ("') - needed for paths with spaces like git diff "file with spaces.ts"
  • 20 new test cases covering all dangerous character categories

Path Traversal Prevention (#148)

  • New isValidFilePath() function in plugin-patterns
  • Blocks shell metacharacters in file paths
  • Blocks .. path traversal attempts
  • Blocks absolute paths
  • Applied to formatFile() and lintFile() functions

Full Changelog: v3.7.1...v3.7.2

Check out latest releases or
releases around Yeachan-Heo/oh-my-claudecode v3.7.2

Don't miss a new oh-my-claudecode release

NewReleases is sending notifications on new releases.

Get notifications