Releases · CTOUT/ReFrame

Security

release.yml - fixed script injection via github.ref_name (CWE-78 / OWASP A05)
release.yml - pinned actions/checkout to SHA de0fac2e (v6.0.2) and softprops/action-gh-release to b4309332 (v3.0.0) to prevent supply-chain compromise via mutable tags
release.yml - added fail_on_unmatched_files to catch accidental release asset omissions
reframe.agent.md - fixed backup path traversal: game name sanitised (strips /:*?<>| and ..) before use in path construction (OWASP A01)
reframe.agent.md - fixed PowerShell wildcard injection: game name escaped with [WildcardPattern]::Escape() before use in -like patterns (OWASP A05)
install.ps1 - added explicit .. check on -Ref parameter to prevent path traversal (OWASP A01)

knowledge/games/ - Tier 1 per-game profiles: Elden Ring and Dead Island 2
knowledge/game-engines/ - Tier 2 per-engine profiles: Unreal Engine 4
knowledge/templates/ - contributor templates (game.template.json, game-engine.template.json)
Dead Island 2 entry in docs/GAMES.md including engine overrides table and FSR 2 crash bug documentation
CONTRIBUTING.md - knowledge base contribution guide with schema docs, templates, and engine file resolution rules

README.md - repo-level install promoted as recommended path; user-level install documents knowledge base caveat
install.ps1 - user-level install prints knowledge base caveat and recommends repo-level install
docs/TROUBLESHOOTING.md - new; covers agent not appearing, DxDiag failures, config not found, registry elevation, and more
GitHub Issue Forms: bug_report.yml, feature_request.yml, config.yml (routes security reports to private advisory)
.github/pull_request_template.md - PR checklist
Agent Tier 2 now resolves against knowledge/game-engines/ JSON files before falling back to embedded engine defaults
Engine file fallback_for field (renamed from also_applies_to) with documented resolution rules

Full changelog: https://github.com/CTOUT/ReFrame/blob/main/CHANGELOG.md