gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-19 00:11:20 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
dependabot/github_actions/github/codeql-action-4.36.2
clawsec/skills/clawsec-feed/CHANGELOG.md
T
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
2026-05-24 21:41:59 +03:00

1.9 KiB
Raw Permalink Blame History

Changelog

[0.0.8] - 2026-05-24

Changed

  • Documented the consolidated signed advisory feed as the default feed for NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.

[0.0.7] - 2026-05-14

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

All notable changes to the ClawSec Feed skill will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.6] - 2026-04-14

Added

  • Operational notes in the skill docs that distinguish standalone feed installation from clawsec-suite automation responsibilities.
  • Metadata describing required standalone install tooling and operator review expectations.

Changed

  • Clarified that the standalone feed package does not itself create persistence, hooks, or cron jobs.
  • Declared checksum/extraction tooling used by the documented install flow (bash, shasum, unzip) in skill metadata.
  • Normalized product naming in the skill docs to use OpenClaw terminology.

Security

  • Made release-provenance and checksum verification expectations explicit for standalone installations on production hosts.

[0.0.5] - 2026-02-28

Added

  • Exploitability-focused advisory guidance, including filtering and prioritization examples.
  • Notification examples that include exploitability context and rationale.

Changed

  • Clarified exploitability scoring guidance to match runtime values (high|medium|low|unknown).
  • Updated response-priority guidance to align with exploitability-first triage.
  • De-duplicated exploitability filtering guidance in SKILL.md by pointing to canonical docs in wiki/exploitability-scoring.md and clawsec-suite.
Reference in New Issue View Git Blame Copy Permalink