Skip to content

Clayrune v2.0.2 — security + hardening

Latest

Choose a tag to compare

@ronle ronle released this 10 Jun 00:56

Security + hardening release — supersedes v2.0.1. All users should update.

Rolls v2.0.1's security work plus a second code-inspection pass into one build:

  • /api/terminal/launch (the shell-exec sink) now restricted to loopback callers.
  • Dependency CVE fixes — control-plane fastapi/cryptography past 8 known CVEs; main-app floors raised (Pillow libwebp heap-overflow, requests, flask, cryptography).
  • Continuous dependency auditing in CI (pip-audit + cargo audit), committed Rust lockfile, lint + exception hardening.

Full details in CHANGELOG.md.

Install / update

  • Existing installs auto-update from master — open Clayrune and check for updates.
  • Windows: run Clayrune-Setup.bat; re-run it to pick up the dependency floor bumps.
  • macOS: download MissionControl-macOS.zip below, unzip, right-click ▸ Open (approve once in System Settings ▸ Privacy & Security if blocked).

macOS build pending notarization; the signed build replaces it shortly. Control-plane CVE fix requires a Cloud Run redeploy.