RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse
History
Garry Tan b60162ae45
fix: symlink bypass in validateReadPath (MEDIUM-02) 
- Always resolve to absolute path first (fixes relative path bypass)
- Use realpathSync to follow symlinks before boundary check
- Throw on non-ENOENT realpathSync failures (explicit over silent)
- Resolve SAFE_DIRECTORIES through realpathSync (macOS /tmp → /private/tmp)
- Resolve directory part for non-existent files (ENOENT with symlinked parent)
 		2026-03-27 22:14:02 -07:00
..
bin feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226) 2026-03-19 18:20:50 -07:00
scripts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
src fix: symlink bypass in validateReadPath (MEDIUM-02) 2026-03-27 22:14:02 -07:00
test feat: community PRs — faster install, skill namespacing, uninstall, Codex fallback, Windows fix, Python patterns (v0.12.9.0) (#561) 2026-03-27 00:44:37 -06:00
SKILL.md fix: security audit compliance — credentials, telemetry, bun pin, untrusted warning (v0.12.12.0) (#574) 2026-03-27 12:06:58 -06:00
SKILL.md.tmpl feat: worktree isolation for E2E tests + infrastructure elegance (v0.11.12.0) (#425) 2026-03-23 23:05:22 -07:00