 Archer
|
d0f96723ea
|
fix: plugin catch (#6643)
|
2026-03-25 20:20:19 +08:00 |
|
|
Archer
|
bd966d479f
|
fix: login secret (#6635)
* fix: login secret
* lock
* env template
* fix: ts
* fix: ts
* fix: ts
|
2026-03-25 14:45:38 +08:00 |
|
|
Archer
|
37bbccdc1f
|
Fix outlink doc (#6619)
* doc
* doc
|
2026-03-23 23:37:12 +08:00 |
|
|
Archer
|
a49321c850
|
deploy doc (#6612)
|
2026-03-23 16:26:22 +08:00 |
|
|
Archer
|
f6bd798fe6
|
doc (#6610)
|
2026-03-23 12:17:04 +08:00 |
|
|
Archer
|
3048dd5cfb
|
doc (#6609)
|
2026-03-23 12:10:44 +08:00 |
|
|
Archer
|
c37b3aa0e8
|
wechat publish (#6607)
* wechat publish
* update test
* doc
|
2026-03-23 11:57:05 +08:00 |
|
|
Archer
|
f7b64f25b1
|
V4.14.9 features (#6602)
* fix: image read and json error (Agent) (#6502)
* fix:
1.image read
2.JSON parsing error
* dataset cite and pause
* perf: plancall second parse
* add test
---------
Co-authored-by: archer <545436317@qq.com>
* master message
* remove invalid code
* fix: sandbox download file
* update lock
* sub set
* i18n
* perf: system forbid sandbox
* fix: i18n; next config
* fix: authchat uid
* update i18n
* perf: check exists
* stop in tool
* stop in tool
* fix: chat
* update action
* doc
* deploy doc
---------
Co-authored-by: YeYuheng <57035043+YYH211@users.noreply.github.com>
|
2026-03-22 17:58:45 +08:00 |
|
|
Archer
|
05bb197990
|
V4.14.9 features (#6599)
* fix: image read and json error (Agent) (#6502)
* fix:
1.image read
2.JSON parsing error
* dataset cite and pause
* perf: plancall second parse
* add test
---------
Co-authored-by: archer <545436317@qq.com>
* master message
* remove invalid code
* feat(sre): integrate traces, logs, metrics into one sdk (#6580)
* fix: image read and json error (Agent) (#6502)
* fix:
1.image read
2.JSON parsing error
* dataset cite and pause
* perf: plancall second parse
* add test
---------
Co-authored-by: archer <545436317@qq.com>
* master message
* wip: otel sdk
* feat(sre): integrate traces, logs, metrics into one sdk
* fix(sre): use SpanStatusCode constants
* fix(sre): clarify step memory measurement
* update package
* fix: ts
---------
Co-authored-by: YeYuheng <57035043+YYH211@users.noreply.github.com>
Co-authored-by: archer <545436317@qq.com>
* doc
* sandbox in agent (#6579)
* doc
* update template
* fix: pr
* fix: sdk package
* update lock
* update next
* update dockerfile
* dockerfile
* dockerfile
* update sdk version
* update dockerefile
* version
---------
Co-authored-by: YeYuheng <57035043+YYH211@users.noreply.github.com>
Co-authored-by: Ryo <whoeverimf5@gmail.com>
|
2026-03-21 12:19:44 +08:00 |
|
|
Archer
|
7a6601394d
|
perf: agent pause (#6588)
* doc
* feat: Pause Recovery (#6494)
* feat: Pause Recovery
* agent pause
* agent pause
* fix:agent pause
* fix:agent pause
* perf: pause agent call
* fix: test
---------
Co-authored-by: archer <545436317@qq.com>
* fix: image read and json error (Agent) (#6502)
* fix:
1.image read
2.JSON parsing error
* dataset cite and pause
* perf: plancall second parse
* add test
---------
Co-authored-by: archer <545436317@qq.com>
* master message
* remove invalid code
* fix: pause agent (#6595)
* fix: ask and step result
* delete console
* udpate pnpm version
* prettier
---------
Co-authored-by: YeYuheng <57035043+YYH211@users.noreply.github.com>
|
2026-03-20 18:07:29 +08:00 |
|
|
gaga0714
|
ec7a8beba5
|
fix:workflow and chat bugs (#6584)
* fix:修复判断器 arrayAny 类型无判断条件可选
* fix:系统工具集不显示版本
* fix:修复视频音频自定义文件类型流程开始无文件链接变量
* fix:输入框会转义成markdown
* docs:新增修复
|
2026-03-20 11:25:45 +08:00 |
|
|
Archer
|
b29e10cf65
|
V4.14.9 dev (#6582)
* update doc
* update pnpm version
* update lock
* update model config doc
* time
* update dockerfile
|
2026-03-19 14:09:03 +08:00 |
|
|
Archer
|
9959707fb3
|
V4.14.9 fix issue (#6573)
* fix: session error
* fix: session error
* fix: workflow runtime and add e2b
|
2026-03-19 11:15:14 +08:00 |
|
|
Archer
|
aaa7d17ef1
|
V4.14.9 dev (#6555)
* feat: encapsulate logger (#6535)
* feat: encapsulate logger
* update engines
---------
Co-authored-by: archer <545436317@qq.com>
* next config
* dev shell
* Agent sandbox (#6532)
* docs: switch to docs layout and apply black theme (#6533)
* feat: add Gemini 3.1 models
- Add gemini-3.1-pro-preview (released February 19, 2026)
- Add gemini-3.1-flash-lite-preview (released March 3, 2026)
Both models support:
- 1M context window
- 64k max response
- Vision
- Tool choice
* docs: switch to docs layout and apply black theme
- Change layout from notebook to docs
- Update logo to icon + text format
- Apply fumadocs black theme
- Simplify global.css (keep only navbar and TOC styles)
- Fix icon components to properly accept className props
- Add mobile text overflow handling
- Update Node engine requirement to >=20.x
* doc
* doc
* lock
* fix: ts
* doc
* doc
---------
Co-authored-by: archer <archer@archerdeMac-mini.local>
Co-authored-by: archer <545436317@qq.com>
* Doc (#6493)
* cloud doc
* doc refactor
* doc move
* seo
* remove doc
* yml
* doc
* fix: tsconfig
* fix: tsconfig
* sandbox version (#6497)
* sandbox version
* add sandbox log
* update lock
* fix
* fix: sandbox
* doc
* add console
* i18n
* sandbxo in agent
* feat: agent sandbox
* lock
* feat: sandbox ui
* sandbox check exists
* env tempalte
* doc
* lock
* sandbox in chat window
* sandbox entry
* fix: test
* rename var
* sandbox config tip
* update sandbox lifecircle
* update prompt
* rename provider test
* sandbox logger
* yml
---------
Co-authored-by: Archer <archer@fastgpt.io>
Co-authored-by: archer <archer@archerdeMac-mini.local>
* perf: sandbox error tip
* Add sandbox limit and fix some issue (#6550)
* sandbox in plan
* fix: some issue
* fix: test
* editor default path
* fix: comment
* perf: sandbox worksapce
* doc
* perf: del sandbox
* sandbox build
* fix: test
* fix: pr comment
---------
Co-authored-by: Ryo <whoeverimf5@gmail.com>
Co-authored-by: Archer <archer@fastgpt.io>
Co-authored-by: archer <archer@archerdeMac-mini.local>
|
2026-03-16 17:09:25 +08:00 |
|
|
Archer
|
4b4f856e16
|
fix: api dataset (#6551)
* fix: api dataset
* Update packages/global/core/chat/type.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
2026-03-12 20:51:00 +08:00 |
|
|
Archer
|
91a130307d
|
fix: SSRF vulnerability in HTTP Tool (GHSA-6g6x-8hq5-9cw4) (#6546)
* fix: SSRF vulnerability in HTTP Tool (GHSA-6g6x-8hq5-9cw4)
修复 HTTP Tool 中的 SSRF 漏洞,防止攻击者访问内部网络资源。
主要变更:
1. 在 runHTTPTool 函数中添加 isInternalAddress 验证
2. 修改 CHECK_INTERNAL_IP 默认行为为启用(安全优先)
3. 添加全面的单元测试验证修复
安全改进:
- 阻止访问 AWS/GCP/Azure 等云服务商元数据端点
- 阻止访问 Kubernetes 服务端点
- 阻止访问私有 IP 范围 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- 阻止访问 localhost 和 127.0.0.1
- 阻止访问 link-local 地址 (169.254.0.0/16)
破坏性变更:
- CHECK_INTERNAL_IP 环境变量默认值从 false 改为 true
- 需要访问内部服务的用户需要显式设置 CHECK_INTERNAL_IP=false(不推荐)
测试:
- 添加 23 个测试用例覆盖各种 SSRF 攻击场景
- 所有测试通过
相关问题:
- Fixes GHSA-6g6x-8hq5-9cw4
- CWE-918: Server-Side Request Forgery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: update isInternalAddress tests for new default behavior
更新测试以反映 CHECK_INTERNAL_IP 的新默认行为(默认启用安全检查)。
变更:
- 修改默认行为测试:现在默认阻止私有 IP 地址
- 添加 CHECK_INTERNAL_IP=false 测试组:测试向后兼容模式
- 所有 62 个测试通过
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* doc
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-03-12 00:15:29 +08:00 |
|
|
Archer
|
38f6f9dd9f
|
fix: tool id (#6544)
* fix: tool id
* fix: test
* fix: ts
* add test
|
2026-03-11 23:15:17 +08:00 |
|