github axpdev-lab/aeroftp v3.1.5
AeroFTP v3.1.5
on GitHub

latest releases: v3.8.1, v3.8.0, v3.7.9...
one month ago

[3.1.5] - 2026-03-27

AeroAgent Hardening — APPENDIX-A Execution & Security Audit

Full execution of the AeroAgent evolution plan (APPENDIX-A): 6 areas implemented end-to-end, validated by independent security audit. 19 findings identified, 17 resolved — including 4 HIGH severity.

Added

  • Prompt caching Anthropic: cache_control: { type: "ephemeral" } on system prompt, cache creation/read token metrics propagated to UI with cost savings display
  • Tool result caching: Per-session in-memory cache with deterministic key (tool + args + context + remote_server), 3-tier TTL (3s/10s/20s), nuclear invalidation on mutations, lazy GC with 128-session LRU cap
  • Structured transfer plans: New generate_transfer_plan tool with JSON schema, TransferPlanReview UI component with per-operation checkboxes, dependsOn dependency graph with topological execution and failure propagation across levels
  • CLI/GUI parity & MCP hardening: Real tool-aware agent loop in CLI, MCP tools/list and tools/call derived from CLI dispatcher, recursive path validation, shared deny-list constants between CLI and MCP
  • Agent memory SQLite: New agent_memory_db.rs backend with structured schema, store/search/delete commands, token-scored retrieval, 90-day lazy decay (6h interval, persisted), 500 entry-per-project cap, backend prompt injection sanitization, deduplication
  • Voice input local: New speech.rs with whisper.cpp backend, on-demand model download with SHA-256 integrity verification, WAV mono 16kHz validation, local audio recording, 3-state UX (idle/listening/transcribing), non-blocking transcription

Changed

  • Tool pipeline failure propagation: Pipeline now tracks failed tools and skips dependents with transitive propagation — no more cascading errors when a prerequisite fails
  • Tool approval cache scoping: ToolApproval and BatchToolApproval now forward sessionId for correct cache isolation
  • Cache key includes remote server context: Cache key disambiguated by active server connection, preventing cross-server result leakage
  • Public documentation synchronized with validated behavior: CLI, AeroAgent, GitHub integration, and credential-isolation docs now avoid stale command/protocol counts, clarify profile-backed provider support (including 4shared and Drime), document provider-dependent quota reporting, and align GitHub commit semantics with current REST + GraphQL behavior
  • Appendix-C CLI closure documented with final FTP/FTPS outcome: Added final closure dossier covering C1-C4 status, multi-provider audit conclusions, and the final FTP/FTPS alignment between GUI and CLI

Fixed

  • macOS frozen UI on launch: Removed App Sandbox from entitlements.plist for direct distribution — without Apple Developer signature, sandbox blocks WebKit from loading frontend. Added missing JIT and library validation entitlements required for WebKit. Closes #62
  • CLI shell_execute meta-char bypass: Added shell metacharacter blocking (pipe, semicolon, backtick, $, &, parens, braces, newlines) to CLI shell execution, closing trivial deny-list bypass via pipes or subshells
  • CLI shell_execute working directory not validated: Now validates working directory against deny-list before use — prevents operating in sensitive directories
  • CLI shell_execute deny-list expanded: Extended from 17 to 39 patterns (added sudo, crontab, systemctl, mount, fdisk, passwd, eval, shred, etc.)
  • CLI local_trash/batch_rename/stat_batch path validation: All three tools now validate each individual path, closing deny-list bypass via MCP
  • MCP argument validation incomplete: Added output_path, path_a, path_b, project_path to validated parameters, plus recursive validation of nested JSON structures
  • Deny-list discrepancy CLI vs MCP: Unified into shared constants
  • Agent memory unlimited storage: Capped at 500 entries per project with capacity enforcement before INSERT
  • Agent memory prompt injection via CLI: Backend sanitization applied before SQL INSERT, not just in frontend
  • Whisper model download without integrity check: SHA-256 pinning on model download, verified before atomic rename. Orphan temp file cleanup on all error paths
  • Transfer plan stale cache: Plans are always generated fresh (removed from cache whitelist)
  • FTP CLI recursive/find/stat regressions closed: put -r now pre-creates nested remote directories in parent-first order, FTP find uses real glob matching, and FTP stat no longer emits duplicated entry.path values from MLST/MLSD responses
  • FTPS CLI security semantics aligned with GUI: Removed automatic insecure retry after certificate verification failures; live validation on saved Aruba profile aeroftp.app now fails closed with hostname mismatch unless invalid/self-signed certificate acceptance is explicitly enabled

Security (Independent Audit — 19 findings, 17 resolved)

  • Independent security audit: 4 HIGH, 7 MEDIUM, 8 LOW findings across 6 areas — all HIGH resolved
  • Post-audit hardening verified by second independent review pass
  • macOS entitlements restructured for safe direct distribution without Apple code signing
  • 8 security fixes across CLI/MCP path validation, shell execution, memory storage, and model integrity

Downloads:

  • Windows: .msi installer, .exe, or .zip portable (no installation required)
  • macOS: .dmg disk image
  • Linux: .deb, .rpm, .snap, or .AppImage
Check out latest releases or
releases around axpdev-lab/aeroftp v3.1.5

Don't miss a new aeroftp release

NewReleases is sending notifications on new releases.

Get notifications