Security + hardening release — supersedes v2.0.1. All users should update.
Rolls v2.0.1's security work plus a second code-inspection pass into one build:
/api/terminal/launch(the shell-exec sink) now restricted to loopback callers.- Dependency CVE fixes — control-plane fastapi/cryptography past 8 known CVEs; main-app floors raised (Pillow libwebp heap-overflow, requests, flask, cryptography).
- Continuous dependency auditing in CI (pip-audit + cargo audit), committed Rust lockfile, lint + exception hardening.
Full details in CHANGELOG.md.
Install / update
- Existing installs auto-update from
master— open Clayrune and check for updates. - Windows: run
Clayrune-Setup.bat; re-run it to pick up the dependency floor bumps. - macOS: download
MissionControl-macOS.zipbelow, unzip, right-click ▸ Open (approve once in System Settings ▸ Privacy & Security if blocked).
macOS build pending notarization; the signed build replaces it shortly. Control-plane CVE fix requires a Cloud Run redeploy.