
v0.2.1 - Security Patch: Enforce Authentication by Default


github-actions released this 15 Feb 08:00

Release v0.2.1 - Security Patch 🔐

Critical security update - All users should upgrade.

Security Improvements

  • BREAKING: Authentication now enabled by default (was disabled)
  • BREAKING: JWT_SECRET now required - no auto-generation
  • Added comprehensive SECURITY.md policy
  • Added JWT_SECRET to SKILL.md required environment variables
  • Added security warnings to README and example scripts
  • Authenticator now fails fast if JWT_SECRET is not set

Before Running (Required)

# Generate a secure secret
export JWT_SECRET=$(openssl rand -base64 32)

# Then start the bridge
python examples/quickstart/mock_bridge.py

Why This Change

ClawHub security review identified that auto-generating secrets and disabled-by-default authentication created security risks for a networked robot control service. This update ensures:

  1. Explicit security configuration - Users must set JWT_SECRET
  2. Authentication enforced - No anonymous admin access
  3. Clear warnings - Users know the security requirements
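The fail-fast and no-anonymous-access behaviour described above, sketched as an added example (this is not the agent-ros-bridge source). The function names, the 32-character minimum, the use of HS256 and the required exp claim are assumptions of this sketch.

```python
import base64, hashlib, hmac, json, os, time

MIN_SECRET_CHARS = 32  # assumption; `openssl rand -base64 32` prints 44 characters

class ConfigError(RuntimeError):
    """Raised at startup so the service never listens without a secret."""

def load_secret(env=os.environ):
    """Fail fast: no default value and no auto-generated secret."""
    raw = env.get("JWT_SECRET", "").strip()
    if not raw:
        raise ConfigError("JWT_SECRET is not set; refusing to start")
    if len(raw) < MIN_SECRET_CHARS:
        raise ConfigError("JWT_SECRET is too short; generate a new one")
    return raw.encode()

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(claims, secret):
    """Issue an HS256 token (HS256 is an assumption of this example)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(secret, head + '.' + body))}"

def verify(token, secret, now=None):
    """Return the claims of a valid token, or None (caller denies the request)."""
    if not token or token.count(".") != 2:
        return None  # missing token: no anonymous access
    head, body, sig = token.split(".")
    try:
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # refuses alg=none and algorithm substitution
        if not hmac.compare_digest(_mac(secret, head + "." + body), _unb64(sig)):
            return None  # forged, or signed with a different secret
        claims = json.loads(_unb64(body))
        expired = claims["exp"] <= (time.time() if now is None else now)
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token or missing exp
    return None if expired else claims
```

Calling load_secret() once at process start, before any socket is opened, is what makes a missing JWT_SECRET a startup error rather than a silently unauthenticated service.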

Migration from v0.2.0

If you were using v0.2.0, add this before running:

export JWT_SECRET=$(openssl rand -base64 32)

Full Documentation


PyPI: https://pypi.org/project/agent-ros-bridge/0.2.1/
Install: pip install agent-ros-bridge==0.2.1