github github/gh-aw v0.43.5

23 hours ago

🌟 Release Highlights

A security-focused maintenance release that hardens file operations and refines sandbox configuration, plus important bug fixes for compilation feedback.

🔒 Security Improvements

  • Path Traversal Protection (#14883): Standardized path validation across all file operations using fileutil.ValidateAbsolutePath() to prevent malicious path traversal attacks. All file reads/writes now enforce absolute path requirements.
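
An added sketch of the absolute-path requirement described above. It is not gh-aw's code: `validateAbsolutePath` and `resolveUnder` are hypothetical names, and the base-directory containment check goes beyond what the release notes state.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// validateAbsolutePath (hypothetical helper, not gh-aw's fileutil code)
// rejects empty, NUL-containing and relative paths and returns the cleaned
// path, so callers never open a path that depends on the working directory.
func validateAbsolutePath(p string) (string, error) {
	if p == "" {
		return "", errors.New("path is empty")
	}
	if strings.ContainsRune(p, 0) {
		return "", errors.New("path contains a NUL byte")
	}
	if !filepath.IsAbs(p) {
		return "", fmt.Errorf("path %q is not absolute", p)
	}
	return filepath.Clean(p), nil
}

// resolveUnder (assumed policy) joins an untrusted relative name onto a
// validated base directory and confirms the result is still inside it.
func resolveUnder(base, name string) (string, error) {
	root, err := validateAbsolutePath(base)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(name) {
		return "", fmt.Errorf("name %q must be relative", name)
	}
	full := filepath.Join(root, name) // Join also cleans ".." segments
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("name %q escapes %q", name, root)
	}
	return full, nil
}

func main() {
	// Constructed sample inputs; the base directory is an assumption.
	for _, n := range []string{"workflows/ci.md", "../../etc/passwd", "a/../../b"} {
		got, err := resolveUnder("/repo/.github", n)
		fmt.Printf("%-20s -> %q err=%v\n", n, got, err)
	}
}
```
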

⚠️ Breaking Changes

  • Sandbox Configuration Update (#14888): Deprecated top-level sandbox: false in favor of sandbox.agent: false for more granular control. The new syntax allows disabling the agent firewall while keeping MCP gateway enabled.

    Migration:

    # ❌ Old (deprecated)
    sandbox: false
    
    # ✅ New
    sandbox:
      agent: false

🐛 Bug Fixes

  • Compilation Error Visibility (#14901): Fixed a critical issue where validation errors weren't displayed during gh aw compile, leaving users unaware of workflow problems. Error messages now properly appear in compilation output.

⚡ Updates

  • Firewall Update (#14903): Updated gh-aw-firewall to v0.14.0 with the latest security patches and performance improvements.
  • MCP Simplification (#14887): Removed jq filter support from MCP server tools. Users should use native filtering options or adjust the max_tokens parameter to control response size.

📚 Documentation

  • Setup Guidance (#14909): Added video tutorial for configuring Copilot organization tokens to help teams get started faster.

🔧 Internal Improvements

  • Test suite cleanup after sandbox: false deprecation and jq removal
  • Build system refinements for utility packages
  • Code refactoring: Extracted duplicate expires field preprocessing into shared helper

For complete details, see the CHANGELOG.

Generated by Release


What's Changed

  • Standardize path validation across file operations to prevent path traversal by @Copilot in #14883
  • Remove jq filter support from MCP server tools by @Copilot in #14887
  • Extract duplicate expires preprocessing logic into shared helper by @Copilot in #14899
  • Remove sandbox: false, add sandbox.agent: false for firewall-only disable by @Copilot in #14888
  • Update awf (gh-aw-firewall) to v0.14.0 by @Copilot in #14903
  • Fix error messages not shown in gh aw compile output by @Copilot in #14901

Full Changelog: v0.43.4...v0.43.5
