This release contains security fixes that have been discovered using Fable 5.
What's Changed
- fix(security): reject unsafe entries during archive extraction by @albertodebortoli in #91
- fix(security): warn when installing a tool without checksum verification by @albertodebortoli in #92
- fix(security): warn when verifying with a broken hash algorithm by @albertodebortoli in #93
- fix(security): pass pipeline parameters via environment, not shell text by @albertodebortoli in #94
- fix(security): contain skill file writes within the skill directory by @albertodebortoli in #95
- fix(security): reject symlinks when fetching skills from a git repo by @albertodebortoli in #96
Full Changelog: 0.20.0...0.21.0
Contributors
albertodebortoli