Skip to content

0xMassi/webclaw

v0.3.17 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai ai-agents ai-scraping cli crawler data-extraction
+13 more
firecrawl-alternative html-to-markdown llm markdown mcp mcp-server rust self-hosted tls-fingerprinting web-crawler web-extraction web-scraper web-scraping

Affected surfaces

rce_ssrf

Summary

AI summary

Fixed command injection in --on-change and converted semaphore‑closed to a typed error.

Full changelog

What's Changed

  • fix(cli): close --on-change command injection via sh -c (P0) by @0xMassi in https://github.com/0xMassi/webclaw/pull/20
  • fix(fetch): surface semaphore-closed as typed error instead of panic (P1) by @0xMassi in https://github.com/0xMassi/webclaw/pull/21
  • feat(fetch,llm): DoS hardening + glob validation + cleanup (P2) by @0xMassi in https://github.com/0xMassi/webclaw/pull/22
  • polish(fetch,mcp): robots parser + firefox client cache + Acquire ordering (P3) by @0xMassi in https://github.com/0xMassi/webclaw/pull/23

New Contributors

  • @0xMassi made their first contribution in https://github.com/0xMassi/webclaw/pull/20

Full Changelog: https://github.com/0xMassi/webclaw/compare/v0.3.13...v0.3.17

Security Fixes

  • fix(cli): close --on-change command injection via sh -c (P0)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track 0xMassi/webclaw

Get notified when new releases ship.

Sign up free

About 0xMassi/webclaw

Web content extraction for AI agents. 10 tools: scrape, crawl, map, batch, extract, summarize, diff, brand, search, research. TLS fingerprinting bypasses anti-bot without a browser. 67% fewer tokens than raw HTML. `npx create-webclaw` auto-configures Claude, Cursor, Windsurf, Codex, OpenCode.

All releases →

Related context

Beta — feedback welcome: [email protected]