changelog 0.7.5

[Soph]

https://entire.io/gh/entireio/cli/trails/520

---

Note

Low Risk
Documentation-only change to CHANGELOG.md; no runtime behavior is modified in this PR.

Overview
Adds the 0.7.5 release section (dated 2026-06-04) to CHANGELOG.md, documenting shipped fixes rather than changing product code in this diff.

Under Security, it records closure of a path-traversal / arbitrary-file-write issue ([#1365]): session and checkpoint identifiers from entire/checkpoints/v1 or agent hooks were used in filesystem paths without validation, so crafted IDs could overwrite arbitrary files during entire session resume or entire checkpoint rewind; the release notes describe validation at read/dispatch boundaries plus os.Root containment.

Under Fixed, it records that git-remote-entire now relays helper-status before checking the send-pack exit code ([#1364), so per-ref rejections show as ! [remote rejected] with the real reason instead of a generic send-pack exited with error: exit status 1.

^{Reviewed by Cursor Bugbot for commit caf774d. Configure here.}

[Copilot]

Pull request overview

Adds the release notes for 0.7.5 to the project changelog, documenting recently shipped security hardening and improved git-remote-entire push error reporting.

Changes:

• Added a 0.7.5 section dated 2026-06-04.
• Documented a security fix for path traversal / arbitrary file write across session/checkpoint/agent lifecycle paths (PR #1365).
• Documented a fix to relay git-remote-entire helper-status before checking send-pack exit status to surface per-ref rejection reasons (PR #1364).