admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
14,640 Commits 1 Branch 0 Tags
36d1e1dcffca8dc5fc9a693841d62af267bd1faa
Commit Graph

14640 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Steinberger
36d1e1dcff refactor(telegram): simplify DM media auth precheck flow 2026-02-24 23:49:10 +00:00
Peter Steinberger
316fad13aa refactor(outbound): unify attachment hydration flow 2026-02-24 23:48:43 +00:00
Brian Mendonca
9924f7c84e fix(security): classify hook sessions case-insensitively 2026-02-24 23:48:09 +00:00
Brian Mendonca
43a3ff3beb Changelog: add entry for exec env sanitization 2026-02-24 23:46:39 +00:00
Brian Mendonca
48b052322b Security: sanitize inherited host exec env 2026-02-24 23:46:39 +00:00
Peter Steinberger
9514201fb9 fix(telegram): block unauthorized DM media downloads 2026-02-24 23:44:50 +00:00
Brian Mendonca
5a64f6d766 Gateway/Security: protect /api/channels plugin root 2026-02-24 23:44:32 +00:00
Peter Steinberger
453664f09d refactor(zalo): split monitor access and webhook logic 2026-02-24 23:40:51 +00:00
Peter Steinberger
58309fd8d9 refactor(matrix,tests): extract helpers and inject send-queue timing 2026-02-24 23:37:50 +00:00
Peter Steinberger
a2529c25ff test(matrix,discord,sandbox): expand breakage regression coverage 2026-02-24 23:37:50 +00:00
Peter Steinberger
13a1c46396 fix(web-search): reduce provider auto-detect log noise 2026-02-24 23:32:29 +00:00
Peter Steinberger
79a7b3d22e test(line): align tmp-root expectation after sandbox hardening 2026-02-24 23:31:54 +00:00
Peter Steinberger
79e2328935 docs: update changelog for safe-bin hardening 2026-02-24 23:30:55 +00:00
Peter Steinberger
b4010a0b62 fix(zalo): enforce group sender policy in groups 2026-02-24 23:30:43 +00:00
Peter Steinberger
4355e08262 refactor: harden safe-bin trusted dir diagnostics 2026-02-24 23:29:44 +00:00
Peter Steinberger
5c2a483375 refactor(outbound): centralize attachment media policy 2026-02-24 23:29:05 +00:00
Peter Steinberger
54648a9cf1 refactor: centralize followup origin routing helpers 2026-02-24 23:28:58 +00:00
Peter Steinberger
9b53102100 test: add routing/session isolation edge-case regressions 2026-02-24 23:28:58 +00:00
Peter Steinberger
9fccf60733 refactor(synology-chat): centralize DM auth and fail fast startup 2026-02-24 23:28:40 +00:00
Peter Steinberger
e7a5f9f4d8 fix(channels,sandbox): land hard breakage cluster from reviewed PR bases 
Lands reviewed fixes based on #25839 (@pewallin), #25841 (@joshjhall), and #25737/@25713 (@DennisGoldfinger/@peteragility), with additional hardening + regression tests for queue cleanup and shell script safety.

Fixes #25836
Fixes #25840
Fixes #25824
Fixes #25868

Co-authored-by: Peter Wallin <pwallin@gmail.com>
Co-authored-by: Joshua Hall <josh@yaplabs.com>
Co-authored-by: Dennis Goldfinger <dennisgoldfinger@gmail.com>
Co-authored-by: peteragility <peteragility@users.noreply.github.com>
 2026-02-24 23:27:56 +00:00
Peter Steinberger
5552f9073f refactor(sandbox): centralize network mode policy helpers 2026-02-24 23:26:46 +00:00
Peter Steinberger
14b6eea6e3 feat(sandbox): block container namespace joins by default 2026-02-24 23:20:34 +00:00
Peter Steinberger
ccbeb332e0 fix: harden routing/session isolation for followups and heartbeat 2026-02-24 23:20:27 +00:00
Peter Steinberger
7655c0cb3a docs(changelog): add synology-chat allowlist fail-closed note 2026-02-24 23:18:18 +00:00
Peter Steinberger
0ee30361b8 fix(synology-chat): fail closed empty allowlist 2026-02-24 23:18:17 +00:00
Peter Steinberger
270ab03e37 fix: enforce local media root checks for attachment hydration 2026-02-24 23:17:48 +00:00
Peter Steinberger
b67e600bff fix(security): restrict default safe-bin trusted dirs 2026-02-24 23:13:37 +00:00
Peter Steinberger
2d159e5e87 docs(security): document openclaw temp-folder boundary 2026-02-24 23:11:19 +00:00
Peter Steinberger
d3da67c7a9 fix(security): lock sandbox tmp media paths to openclaw roots 2026-02-24 23:10:19 +00:00
Peter Steinberger
bf8ca07deb fix(config): soften antigravity removal fallout (#25538) 
Land #25538 by @chilu18 to keep legacy google-antigravity-auth config entries non-fatal after removal (see #25862).

Co-authored-by: chilu18 <chilu.machona@icloud.com>
 2026-02-24 23:02:45 +00:00
Shakker
039ae0b77c chore: refresh lockfile after plugin devDependency cleanup 2026-02-24 22:50:47 +00:00
Shakker
955cc9029f chore: sync plugin versions to 2026.2.24 2026-02-24 22:45:46 +00:00
Peter Steinberger
f4e6f87303 refactor(ios): drop legacy talk payload and keychain fallbacks 2026-02-24 22:39:37 +00:00
Shakker
853f75592f changelog: include #25847 in chat image safety entry (#25847) (thanks @shakkernerd) 2026-02-24 22:28:58 +00:00
Shakker
30cb849b10 test(ui): reject base64 SVG data URLs 2026-02-24 22:28:58 +00:00
Shakker
e7298b844f changelog: credit both chat-image fix contributors 2026-02-24 22:28:58 +00:00
Shakker
e9750104b2 ui: block svg data image opens and harden tests 2026-02-24 22:28:58 +00:00
Peter Steinberger
9ef0fc2ff8 fix(sandbox): block @-prefixed workspace path bypass 2026-02-24 17:23:14 +00:00
Ayaan Zaidi
f154926cc0 fix: land telegram empty-html fallback hardening (#25096) (thanks @Glucksberg) 2026-02-24 22:34:21 +05:30
Ayaan Zaidi
6e31bca198 fix(telegram): fail loud on empty text fallback 2026-02-24 22:34:21 +05:30
Glucksberg
566a8e7137 chore(telegram): suppress handled empty-text retry logs 2026-02-24 22:34:21 +05:30
Glucksberg
51b3e23680 fix(telegram): fallback to plain text when threaded markdown renders empty 
Minimal fix path for Telegram empty-text failures in threaded replies.

- fallback to plain text when formatted htmlText is empty
- retry plain text on parse/empty-text API errors
- add focused regression test for threaded mode case

Related: #25091
Supersedes alternative fix path in #17629 if maintainers prefer minimal scope.
 2026-02-24 22:34:21 +05:30
Ayaan Zaidi
00de3ca833 fix: widen external link rel token set type 2026-02-24 22:15:42 +05:30
Ayaan Zaidi
8892a1cd45 refactor(android-ui): unify gateway config resolution paths 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
7a74cf34ba fix(android-security): remove token-derived logging from prefs 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
8b24830e07 fix(android-gateway): avoid token clear on transient connect failure 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
e11e329238 refactor(android-chat): move thread selector above composer 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
75f145ebcc docs(android): document alpha rebuild status and feature checklist 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
baf98a87f6 refactor(android-settings): remove gateway controls duplicated in connect 2026-02-24 22:13:49 +05:30
Ayaan Zaidi
bb27884474 feat(android-tabs): add coming-soon voice and screen tabs 2026-02-24 22:13:49 +05:30