v1.0.19 — security housekeeping (2026-07-05)
Patch release shipping the 2026-07-05 review housekeeping follow-ups (#684).
- Self-update fails closed — unattended (
update.auto) refuses without a configuredupdate.gpg_fingerprint; a set fingerprint enforces a matching, valid signature.--skip-signature-checkstill bypasses. @perseusfences remote content as untrusted DATA (blocks prompt-injection from a hostile/compromised peer).- Webhook empty-secret fails closed (no silent unsigned delivery).
serverejects a missing Host on loopback binds (DNS-rebinding).- Vault-connector CWD binary search gated behind
PERSEUS_DEV_VAULT_BUILD=1(CWE-427).
See docs/security-review-2026-07-05.md.