Archer
|
9959707fb3
|
V4.14.9 fix issue (#6573)
* fix: session error
* fix: session error
* fix: workflow runtime and add e2b
|
2026-03-19 11:15:14 +08:00 |
|
Archer
|
aaa7d17ef1
|
V4.14.9 dev (#6555)
* feat: encapsulate logger (#6535)
* feat: encapsulate logger
* update engines
---------
Co-authored-by: archer <545436317@qq.com>
* next config
* dev shell
* Agent sandbox (#6532)
* docs: switch to docs layout and apply black theme (#6533)
* feat: add Gemini 3.1 models
- Add gemini-3.1-pro-preview (released February 19, 2026)
- Add gemini-3.1-flash-lite-preview (released March 3, 2026)
Both models support:
- 1M context window
- 64k max response
- Vision
- Tool choice
* docs: switch to docs layout and apply black theme
- Change layout from notebook to docs
- Update logo to icon + text format
- Apply fumadocs black theme
- Simplify global.css (keep only navbar and TOC styles)
- Fix icon components to properly accept className props
- Add mobile text overflow handling
- Update Node engine requirement to >=20.x
* doc
* doc
* lock
* fix: ts
* doc
* doc
---------
Co-authored-by: archer <archer@archerdeMac-mini.local>
Co-authored-by: archer <545436317@qq.com>
* Doc (#6493)
* cloud doc
* doc refactor
* doc move
* seo
* remove doc
* yml
* doc
* fix: tsconfig
* fix: tsconfig
* sandbox version (#6497)
* sandbox version
* add sandbox log
* update lock
* fix
* fix: sandbox
* doc
* add console
* i18n
* sandbox in agent
* feat: agent sandbox
* lock
* feat: sandbox ui
* sandbox check exists
* env template
* doc
* lock
* sandbox in chat window
* sandbox entry
* fix: test
* rename var
* sandbox config tip
* update sandbox lifecycle
* update prompt
* rename provider test
* sandbox logger
* yml
---------
Co-authored-by: Archer <archer@fastgpt.io>
Co-authored-by: archer <archer@archerdeMac-mini.local>
* perf: sandbox error tip
* Add sandbox limit and fix some issue (#6550)
* sandbox in plan
* fix: some issue
* fix: test
* editor default path
* fix: comment
* perf: sandbox workspace
* doc
* perf: del sandbox
* sandbox build
* fix: test
* fix: pr comment
---------
Co-authored-by: Ryo <whoeverimf5@gmail.com>
Co-authored-by: Archer <archer@fastgpt.io>
Co-authored-by: archer <archer@archerdeMac-mini.local>
|
2026-03-16 17:09:25 +08:00 |
|
Archer
|
4b4f856e16
|
fix: api dataset (#6551)
* fix: api dataset
* Update packages/global/core/chat/type.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
2026-03-12 20:51:00 +08:00 |
|
Archer
|
91a130307d
|
fix: SSRF vulnerability in HTTP Tool (GHSA-6g6x-8hq5-9cw4) (#6546)
* fix: SSRF vulnerability in HTTP Tool (GHSA-6g6x-8hq5-9cw4)
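Fix the SSRF vulnerability in the HTTP Tool to prevent attackers from accessing internal network resources.
Main changes:
1. Add isInternalAddress validation to the runHTTPTool function
2. Change the default behavior of CHECK_INTERNAL_IP to enabled (security first)
3. Add comprehensive unit tests to verify the fix
Security improvements:
- Block access to metadata endpoints of cloud providers such as AWS/GCP/Azure
- Block access to Kubernetes service endpoints
- Block access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Block access to localhost and 127.0.0.1
- Block access to link-local addresses (169.254.0.0/16)
Breaking changes:
- The default value of the CHECK_INTERNAL_IP environment variable changes from false to true
- Users who need to access internal services must explicitly set CHECK_INTERNAL_IP=false (not recommended)
Tests:
- Add 23 test cases covering various SSRF attack scenarios
- All tests pass
Related issues: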
- Fixes GHSA-6g6x-8hq5-9cw4
- CWE-918: Server-Side Request Forgery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* test: update isInternalAddress tests for new default behavior
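Update the tests to reflect the new default behavior of CHECK_INTERNAL_IP (security check enabled by default).
Changes:
- Modify the default-behavior tests: private IP addresses are now blocked by default
- Add a CHECK_INTERNAL_IP=false test group: tests the backward-compatible mode
- All 62 tests pass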
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* doc
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-03-12 00:15:29 +08:00 |
|
Archer
|
38f6f9dd9f
|
fix: tool id (#6544)
* fix: tool id
* fix: test
* fix: ts
* add test
|
2026-03-11 23:15:17 +08:00 |
|