- SSRF protection in media fetch: block private IPs, localhost, link-local
addresses using ipaddr.js; manually follow redirects to validate each hop
- Path traversal protection in web media: allowlist ~/.clawdbot and tmpdir,
follow symlinks to prevent escape attacks
- Shell injection fix in CLI credentials: use spawnSync with argument arrays
instead of execSync with string interpolation
- Rate limiting for gateway auth: 5 failures = 1 minute lockout, prevents
brute-force attacks
- Tailscale auth failure tracking: record failures for whois mismatches
- Logger permissions: set 0o700 on log directory, warn if chmod fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(sessions): add channelIdleMinutes config for per-channel session idle durations
Add new `channelIdleMinutes` config option to allow different session idle
timeouts per channel. For example, Discord sessions can now be configured
to last 7 days (10080 minutes) while other channels use shorter defaults.
Config example:
sessions:
channelIdleMinutes:
discord: 10080 # 7 days
The channel-specific idle is passed as idleMinutesOverride to the existing
resolveSessionResetPolicy, integrating cleanly with the new reset policy
architecture.
* fix
* feat: add per-channel session reset overrides (#1353) (thanks @cash-echo-bot)
---------
Co-authored-by: Cash Williams <cashwilliams@gmail.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
- Enhanced error handling in image reference detection to skip malformed file URLs without crashing.
- Updated media loading logic to throw an error for invalid file URLs, ensuring better feedback for users.
- Added support for detecting file URLs in prompts using fileURLToPath for accurate path resolution.
- Updated image loading logic to default to JPEG format for optimized image processing.
- Improved error handling in image optimization to continue processing on failures.
- Added handling for file URLs using fileURLToPath for proper resolution.
- Updated logic to skip relative path resolution if ref.resolved is already absolute.
- Enhanced cap calculation for image loading to handle undefined maxBytes more gracefully.
