Commit Graph

17 Commits

Author SHA1 Message Date
issuemakerable
19823c5498 security: add timing-safe comparisons and fix dependency CVEs
- Create shared safeEqual() utility using timingSafeEqual (src/security/safe-equal.ts)
- Fix hook token comparison in server-http.ts to use safeEqual()
- Fix node pairing token in node-pairing.ts to use safeEqual()
- Fix audit token in audit-extra.ts to use safeEqual()
- Refactor gateway auth.ts to import from shared utility
- Bump tar 7.5.4→7.5.7 (CVE GHSA-34x7-hfp2-rc4v: hardlink path traversal)
- Bump hono 4.11.4→4.11.7 (XSS via ErrorBoundary + static middleware key read)
- Add pnpm.overrides for matrix transitive deps (form-data→2.5.5, qs→6.14.1)
2026-01-29 19:28:33 +09:00
Peter Steinberger
3314b3996e fix: harden gateway auth defaults 2026-01-26 18:24:26 +00:00
Peter Steinberger
c4a80f4edb fix: require gateway auth by default 2026-01-26 12:56:33 +00:00
Peter Steinberger
fd9be79be1 fix: harden tailscale serve auth 2026-01-26 12:49:19 +00:00
Peter Steinberger
e6e71457e0 fix: honor trusted proxy client IPs (PR #1654)
Thanks @ndbroadbent.

Co-authored-by: Nathan Broadbent <git@ndbroadbent.com>
2026-01-25 01:52:19 +00:00
Peter Steinberger
d88b239d3c feat: add device token auth and devices cli 2026-01-20 10:30:53 +00:00
Peter Steinberger
4965727f39 chore: run format and fix sandbox browser timeouts 2026-01-16 09:18:58 +00:00
Palash Oswal
d43d4fcced Gateway auth: accept local Tailscale Serve hostnames and tailnet IPs (#885)
* Gateway auth: accept local Tailscale Serve hostnames and tailnet IPs

* fix: allow local Tailscale Serve hostnames (#885) (thanks @oswalpalash)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-16 07:51:25 +00:00
Peter Steinberger
c379191f80 chore: migrate to oxlint and oxfmt
Co-authored-by: Christoph Nakazawa <christoph.pojer@gmail.com>
2026-01-14 15:02:19 +00:00
Roshan Singh
7616b02bb1 Fix tailscale allowTailscale bypass in token mode 2026-01-13 04:34:28 +00:00
Peter Steinberger
36fa3c3cd3 fix: improve ws close diagnostics 2026-01-08 22:18:07 +00:00
Peter Steinberger
c7cade5232 style: tidy gateway auth imports 2026-01-08 08:26:40 +01:00
Peter Steinberger
b367ed75bf fix: wire gateway auth diagnostics into doctor 2026-01-08 08:26:40 +01:00
Peter Steinberger
246adaa119 chore: rename project to clawdbot 2026-01-04 14:38:51 +00:00
Peter Steinberger
5ecb65cbbe fix: persist gateway token for local CLI auth 2026-01-02 13:46:48 +01:00
Peter Steinberger
c8c807adcc refactor: drop PAM auth and require password for funnel 2025-12-23 13:13:09 +00:00
Peter Steinberger
d69064f364 fix(gateway): avoid crash in handshake auth 2025-12-21 00:41:06 +00:00