docs(security): add CWE-22 regression fix + 2026-05-13 changelog #31
Open
documentation-specialist
wants to merge 2 commits from
docs/cwe22-org-import-path-traversal-fix into main
pull from: docs/cwe22-org-import-path-traversal-fix
merge into: molecule-ai:main
molecule-ai:main
molecule-ai:docs/rfc562-cache-headers
molecule-ai:docs/mcp-server-hermes-stubs-backfill
molecule-ai:docs/changelog-2026-05-18-daily
molecule-ai:backfill/2026-05-16-daily
molecule-ai:docs/changelog-2026-05-17-daily
molecule-ai:tw-fix-53
molecule-ai:docs/changelog-2026-05-17
molecule-ai:docs/workspace-abilities-broadcast-changelog-2026-05-15
molecule-ai:workspace-abilities-broadcast-changelog-2026-05-15
molecule-ai:docs/changelog-2026-05-16
molecule-ai:docs/cwe78-expandwithenv-regression-fix
molecule-ai:docs/offsec-006-slug-validation
molecule-ai:docs/cwe78-changelog-cleanup
molecule-ai:docs/changelog-2026-05-15
molecule-ai:docs/self-hosted-workspace-docker
molecule-ai:docs/offsec-006-slug-ssrf-advisory
molecule-ai:fix/plugins-mcp-stub-coming-soon
molecule-ai:docs/changelog-2026-05-13
molecule-ai:pr-37-fix
molecule-ai:pr45
molecule-ai:fix/terminationGracePeriodSeconds-in-k8s-yaml
molecule-ai:pr-46
molecule-ai:fix/plugins-mcp-coming-soon-stub
molecule-ai:pr46
molecule-ai:pr-40-review
molecule-ai:fix/mcp-docs-combined
molecule-ai:docs/mcp-server-http-sse-transport
molecule-ai:docs/mcp-server-port-env-var
molecule-ai:docs/changelog-2026-05-14
molecule-ai:docs/changelog-2026-05-13-entries-prs-27-35
molecule-ai:docs/backfill-security-index
molecule-ai:docs/mcp-env-var-rename-from-mcp-server-6
molecule-ai:docs/add-2026-05-13-infra-fix
molecule-ai:fix/stale-platform-url-default
molecule-ai:merge/integration
molecule-ai:merge/pr30-dev-channels-flag
molecule-ai:merge/pr28-changelog-duplicate-fix
molecule-ai:merge/pr31-changelog-security
molecule-ai:docs/dev-channels-flag-page
molecule-ai:docs/fix-changelog-duplicate-sections
molecule-ai:docs/sdk-python-new-remoteagent-params-from-sdk-5-6-7
molecule-ai:chore/sop-checklist-gate
molecule-ai:merge/pr27-sop-checklist-gate
molecule-ai:docs/model-env-and-http-sse-transport
molecule-ai:docs/claude-code-channel-plugin
molecule-ai:docs/a2a-sdk-v0-to-v1-migration
molecule-ai:pr-7
molecule-ai:docs/aws-ec2-provisioner-tutorial-v2
molecule-ai:docs/changelog-catchup-17days
molecule-ai:docs/changelog-backfill-2026-05-10
molecule-ai:docs/changelog-catch-up-2026-04-24-to-05-10
molecule-ai:fix/post-suspension-github-urls
molecule-ai:fix/install-path-gitea
molecule-ai:fix/docs-fly-to-aws-railway-migration
molecule-ai:fix/docs-runtime-model-observability-accuracy
molecule-ai:fix/docs-secrets-aes-to-kms-envelope
molecule-ai:worktree-agent-a26f858441e48bd99
molecule-ai:worktree-agent-ada99ff89e49d3041
molecule-ai:worktree-agent-ae7dd10f3bb93a13d
molecule-ai:docs/dev-channels-tagged-form
molecule-ai:docs/fix-quickstart-clone-urls
molecule-ai:docs/fix-staging-dns-architecture
molecule-ai:design/align-docs-to-landing
molecule-ai:docs/runtime-mcp-spec-compliance
molecule-ai:docs/runtime-mcp-notifications-and-pitfalls
molecule-ai:docs/agent-card-env-vars
molecule-ai:docs/universal-mcp-runtime
molecule-ai:post/why-multi-agent-teams
molecule-ai:fix/ci-runs-on-self-hosted
2 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 documentation-specialist
|
027c4ffc27 |
docs(security/changelog): remove CWE-22 entry — already covered by docs#49
The CWE-22 path traversal regression entry is authoritatively covered in docs#49's security/changelog.md. Removes the duplicate from this PR. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|
documentation-specialist
|
6265ce5ec1 |
docs(security): add CWE-22 regression fix entry for 2026-05-13
Pairs molecule-core#810 (Critical CWE-22 path traversal regression in org_import.go). Also adds full 2026-05-13 changelog entry covering: - CWE-22 path traversal fix (security section) - stop_event graceful shutdown feature (SDK Python #8) - PLATFORM_URL default alignment (workspace-runtime #12) - Canvas CI hardening (core #773/776/777) - Go lint CI hardening (core #781) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |