⚠️ Security
This release temporarily disables the /help_docs command as a mitigation for a credential-exposure vulnerability (#2445).
/help_docs accepted an untrusted runtime override of its git clone target (e.g. --pr_help_docs.repo_url=... from a PR comment), and the clone-URL host validation only checked substring containment. A host that merely contained the allowed host — e.g. github.com.attacker.tld — passed validation, so the git provider token was embedded into a clone URL pointing at an attacker-controlled host, exposing GITHUB_TOKEN (and the equivalent token on other providers).
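The substring check described above, next to an exact-host comparison on the parsed URL. This is an added example, not pr-agent's own code; the function names, the `ALLOWED_HOST` constant and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "github.com"  # assumption: the single provider host that may receive the token


def host_allowed_substring(repo_url, allowed_host=ALLOWED_HOST):
    """Weak check: passes whenever the allowed host appears anywhere in the URL."""
    return allowed_host in repo_url


def host_allowed_exact(repo_url, allowed_host=ALLOWED_HOST):
    """Parse the URL and compare the hostname for equality before any token is attached."""
    try:
        parts = urlsplit(repo_url)
        host, port = parts.hostname, parts.port  # .port raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # Reject caller-supplied userinfo: "github.com@other.host" resolves to other.host.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # urlsplit lowercases the hostname, so a plain equality test is enough.
    return host == allowed_host


def bypasses(urls):
    """URLs the substring check accepts but the exact check rejects."""
    return [u for u in urls if host_allowed_substring(u) and not host_allowed_exact(u)]


# Constructed sample inputs.
SAMPLES = [
    "https://github.com/org/repo.git",               # legitimate
    "https://github.com.attacker.tld/org/repo.git",  # allowed host used as a subdomain label
    "https://attacker.tld/github.com/repo.git",      # allowed host in the path
    "https://github.com@attacker.tld/org/repo.git",  # allowed host in the userinfo part
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url}: substring={host_allowed_substring(url)} exact={host_allowed_exact(url)}")
```

The same comparison belongs at the point where the token is attached to the clone URL, so that an override introduced later in the request cannot skip it.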
What's Changed
- Publish Docker Hub image attestations and document digest verification by @copilot-swe-agent[bot] in #2433
- feat: add Gemini 3.1 stable and 3.5 model identifiers to supported model registry by @copilot-swe-agent[bot] in #2432
🚀 Features
- feat(config): add --extra_config_url to merge external .pr_agent.toml by @kiennt2 in #2406
- feat: add Claude Opus 4.8 support by @PeterDaveHello in #2423
🐛 Bug Fixes
- fix: add claude-opus-4-7 to NO_SUPPORT_TEMPERATURE_MODELS (#2400) by @raywcm in #2448
- fix: remove closed Discord community links by @IsmaelMartinez in #2446
- fix(security)!: temporarily disable /help_docs command (#2445) by @naorpeled in #2451
- fix: handle missing [github] settings section at import time by @PraneelBhatia in #2428
- fix: run gitlab_webhook under gunicorn for worker isolation by @pdecat in #2412
- fix: update reference link to configuration.toml by @arsalanyavari in #2425
- fix: readme-markdown-spacing by @DoraC7 in #2333
📚 Documentation
Full Changelog: v0.36.0...v0.37.0