github getagentseal/codeburn v0.7.1
v0.7.1 Security Hardening


External security audit closed: 1 HIGH, 2 MEDIUM and 1 LOW findings fixed.

Security fixes

  • HIGH Prototype pollution via __proto__ keys in breakdown maps (parser.ts). Null-prototype maps now prevent attacker-controlled JSONL from mutating Object.prototype.
  • MEDIUM Unbounded readFile on session JSONL (13 sites across parser, Codex, Copilot, Pi, context-budget, optimize). New src/fs-utils.ts helper caps reads at 128 MB and streams above 8 MB.
  • MEDIUM SwiftBar directive-separator and ANSI-escape injection via crafted model or category names. Allowlist-based sanitizer now covers every menubar label.
  • LOW Read failures were silently swallowed. New --verbose flag surfaces the warnings on stderr.
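The HIGH finding above, as an added illustration (this is not codeburn's parser.ts): a two-level per-model, per-category token breakdown aggregated from untrusted session JSONL. The record shape, the field names and the `polluted` marker key are constructed for the example. The first tally uses plain object literals, so a record whose model is `__proto__` resolves to `Object.prototype` and the category write lands on every object in the process; the second builds both levels with `Object.create(null)`, where `__proto__` is just an ordinary own key.

```typescript
// Added example, not codeburn's code. Field names and the sample records are constructed.
type Breakdown = Record<string, Record<string, number>>;
type SessionRecord = { model: string; category: string; tokens: number };

// Constructed session JSONL: the last record carries an attacker-chosen model name.
const SESSION_JSONL = [
  '{"model":"gpt-4o","category":"input","tokens":120}',
  '{"model":"gpt-4o","category":"output","tokens":40}',
  '{"model":"__proto__","category":"polluted","tokens":5}',
].join("\n");

// Vulnerable shape: plain object literals as maps.
function tallyVulnerable(jsonl: string): Breakdown {
  const breakdown: Breakdown = {};
  for (const line of jsonl.split("\n")) {
    if (line.trim() === "") continue;
    const rec = JSON.parse(line) as SessionRecord;
    // breakdown["__proto__"] is inherited from Object.prototype, so it is not
    // undefined: `bucket` becomes Object.prototype itself.
    let bucket = breakdown[rec.model];
    if (bucket === undefined) {
      bucket = {};
      breakdown[rec.model] = bucket;
    }
    // This write then becomes Object.prototype.polluted = 5.
    bucket[rec.category] = (bucket[rec.category] ?? 0) + rec.tokens;
  }
  return breakdown;
}

// Hardened shape: null-prototype objects at both levels. There is no prototype
// chain to walk, so "__proto__" is an ordinary own property name.
function tallyHardened(jsonl: string): Breakdown {
  const breakdown: Breakdown = Object.create(null);
  for (const line of jsonl.split("\n")) {
    if (line.trim() === "") continue;
    const rec = JSON.parse(line) as SessionRecord;
    let bucket = breakdown[rec.model];
    if (bucket === undefined) {
      bucket = Object.create(null);
      breakdown[rec.model] = bucket;
    }
    bucket[rec.category] = (bucket[rec.category] ?? 0) + rec.tokens;
  }
  return breakdown;
}

// Probe: a fresh empty object should never see the marker key.
function isPolluted(): boolean {
  return ({} as { polluted?: number }).polluted !== undefined;
}

// Undo the damage so the rest of the process (and the test) is unaffected.
function cleanupPollution(): void {
  delete (Object.prototype as { polluted?: number }).polluted;
}

function runDemo(): { vulnerablePolluted: boolean; hardenedPolluted: boolean; hardened: Breakdown } {
  tallyVulnerable(SESSION_JSONL);
  const vulnerablePolluted = isPolluted(); // true: Object.prototype was mutated
  cleanupPollution();
  const hardened = tallyHardened(SESSION_JSONL);
  const hardenedPolluted = isPolluted(); // false: the key stayed inside the map
  return { vulnerablePolluted, hardenedPolluted, hardened };
}

console.log(runDemo());
```

The hardened map still records the hostile model name under its own `__proto__` key, which is the intended behaviour: the data is preserved, it simply cannot escape into the prototype chain. Any consumer that later iterates the map with `for...in` or `Object.keys` sees it as a normal entry, so label rendering must still sanitize it (the separate MEDIUM finding above).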
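The first MEDIUM finding, as an added illustration (this is not codeburn's src/fs-utils.ts): a bounded, line-by-line JSONL reader for Node. The 128 MB cap is the figure from the release note; the helper names, the 64 KiB chunk size and the sample records are assumptions, and the example always streams rather than switching modes at 8 MB. The size is taken from the open descriptor with `fstat` and re-checked as bytes are consumed, so a file that is swapped or grows after the check still cannot be read past the limit.

```typescript
// Added example, not codeburn's code. Names, chunk size and sample data are constructed.
import { openSync, readSync, closeSync, fstatSync, writeFileSync } from "node:fs";
import { StringDecoder } from "node:string_decoder";
import { join } from "node:path";
import { tmpdir } from "node:os";

const MAX_BYTES = 128 * 1024 * 1024; // hard cap from the release note
const CHUNK_BYTES = 64 * 1024;       // assumed read-buffer size

class FileTooLargeError extends Error {
  readonly path: string;
  readonly size: number;
  readonly limit: number;
  constructor(path: string, size: number, limit: number) {
    super(`${path} is ${size} bytes, over the ${limit}-byte limit`);
    Object.setPrototypeOf(this, FileTooLargeError.prototype); // keeps instanceof working on ES5 targets
    this.name = "FileTooLargeError";
    this.path = path;
    this.size = size;
    this.limit = limit;
  }
}

// Deliver each non-empty line of a JSONL file to onLine without ever holding
// more than one chunk plus one partial line in memory. Returns the line count.
function forEachLineBounded(path: string, onLine: (line: string) => void, maxBytes: number = MAX_BYTES): number {
  const fd = openSync(path, "r");
  try {
    // Check the descriptor we will actually read from, not a separate stat() call.
    const size = fstatSync(fd).size;
    if (size > maxBytes) throw new FileTooLargeError(path, size, maxBytes);

    const chunk = Buffer.alloc(CHUNK_BYTES);
    const decoder = new StringDecoder("utf8"); // handles multi-byte chars split across chunks
    let pending = "";
    let consumed = 0;
    let lines = 0;
    for (;;) {
      const n = readSync(fd, chunk, 0, CHUNK_BYTES, null);
      if (n === 0) break;
      consumed += n;
      // A file that grows after fstat still cannot exceed the cap.
      if (consumed > maxBytes) throw new FileTooLargeError(path, consumed, maxBytes);
      pending += decoder.write(chunk.subarray(0, n));
      let nl: number;
      while ((nl = pending.indexOf("\n")) !== -1) {
        const line = pending.slice(0, nl);
        pending = pending.slice(nl + 1);
        if (line.length > 0) { onLine(line); lines++; }
      }
    }
    pending += decoder.end();
    if (pending.length > 0) { onLine(pending); lines++; }
    return lines;
  } finally {
    closeSync(fd);
  }
}

// Constructed session file in the temp directory, used by the demo below.
function writeSampleSession(records: string[]): string {
  const path = join(tmpdir(), `codeburn-example-${process.pid}-${Date.now()}.jsonl`);
  writeFileSync(path, records.join("\n") + "\n");
  return path;
}

// Sum the "tokens" field across a session file using the bounded reader.
function countTokens(path: string, maxBytes: number = MAX_BYTES): number {
  let total = 0;
  forEachLineBounded(path, (line) => {
    total += (JSON.parse(line) as { tokens: number }).tokens;
  }, maxBytes);
  return total;
}

const samplePath = writeSampleSession(['{"tokens":120}', '{"tokens":40}', '{"tokens":5}']);
console.log(countTokens(samplePath)); // 165
```

Because the cap is enforced per file rather than per process, a parser that walks many session files still needs its own aggregate budget; the per-file limit only stops a single crafted file from exhausting memory.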

Added

  • Global --verbose CLI flag
  • 11 new security tests (total suite: 209)

Credits

Full audit findings closed by @lfl1337 (PR #67). Thanks!

Full changelog: v0.7.0...v0.7.1
