mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 05:28:02 +03:00
davida-ps
4dbac421ab
* feat(advisories): add provisional ghsa feed * fix(workflows): include advisory signatures in checksums * fix(workflows): mirror ghsa feed at release root * feat(advisories): consolidate ghsa into agent feed * ci(advisories): consolidate ghsa during nvd poll * fix(advisories): retain unreplaced ghsa feed entries * chore(skills): bump advisory feed consumers * fix(release): resolve ts import closure dry run * fix(release): preserve urls while stripping comments * fix(release): ignore skill test-only changes * fix(advisories): follow ghsa pagination links * test(advisories): add nvd ghsa pipeline dry run
56 lines
2.8 KiB
Markdown
56 lines
2.8 KiB
Markdown
# Changelog
|
|
|
|
## [0.0.6] - 2026-05-24
|
|
|
|
### Changed
|
|
- Documented that NanoClaw consumes the consolidated signed advisory feed containing NVD CVEs, approved community advisories, and provisional GHSA-without-CVE records.
|
|
- Added advisory metadata typing for GHSA lifecycle fields used by the consolidated feed.
|
|
|
|
## [0.0.5] - 2026-05-14
|
|
|
|
### Security
|
|
- Added explicit signed release artifact verification instructions for standalone installs, including `checksums.json`, `checksums.sig`, `signing-public.pem`, archive hash verification, and `SKILL.md`/`skill.json` checksum checks.
|
|
|
|
All notable changes to the ClawSec NanoClaw compatibility skill will be documented in this file.
|
|
|
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
|
## [0.0.4] - 2026-04-16
|
|
|
|
### Changed
|
|
|
|
- Moved signature-related local file reads into `lib/local_file_io.ts` and kept network fetch logic isolated in `lib/signatures.ts`.
|
|
|
|
### Security
|
|
|
|
- Reduced static false-positive exfiltration signals by separating local file I/O and remote fetch code paths.
|
|
|
|
## [0.0.3] - 2026-03-09
|
|
|
|
### Security
|
|
|
|
- Removed runtime public-key override from host-side package signature verification; verification now always uses the pinned ClawSec key.
|
|
- Removed unsigned-package override path in host-side verification flow.
|
|
- Added strict package/signature path policy for signature verification (`/tmp`, `/var/tmp`, `/workspace/ipc`, `/workspace/project/data`, `/workspace/project/tmp`, `/workspace/project/downloads`) with absolute-path, extension, symlink, and realpath boundary checks.
|
|
- Added policy-bound path enforcement for integrity approvals: approvals now require normalized paths that are explicitly present in non-ignored integrity policy targets.
|
|
|
|
### Changed
|
|
|
|
- Updated MCP signature verification tool docs and behavior to align with bounded path policy and pinned-key-only verification.
|
|
- Added regression tests for signature-verification and integrity-approval hardening invariants.
|
|
|
|
## [0.0.2] - 2026-02-28
|
|
|
|
### Added
|
|
|
|
- Exploitability-aware advisory output in NanoClaw MCP tools (`exploitability_score`, `exploitability_rationale`).
|
|
- Exploitability filtering (`exploitabilityScore`) for `clawsec_list_advisories`.
|
|
|
|
### Changed
|
|
|
|
- Updated NanoClaw advisory sorting and pre-install safety recommendation logic to prioritize exploitability context.
|
|
- Updated NanoClaw integration docs to match current host/container integration points (`src/ipc.ts`, `src/index.ts`) and current cache schema.
|
|
- Removed duplicate exploitability normalization logic from MCP advisory tools and now reuse `normalizeExploitabilityScore` from `lib/risk.ts`.
|
|
- Reused `matchesAffectedSpecifier` from `lib/advisories.ts` in MCP advisory tools to keep skill/version matching logic centralized and consistent.
|