Skip to content

0xMassi/webclaw

v0.6.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 15d MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai ai-agents ai-scraping cli crawler data-extraction
+13 more
firecrawl-alternative html-to-markdown llm markdown mcp mcp-server rust self-hosted tls-fingerprinting web-crawler web-extraction web-scraper web-scraping

Affected surfaces

rce_ssrf

Summary

AI summary

Hardened core with WASM‑safe gating, SSRF protection, path‑traversal mitigation, and recursion limits.

Changes in this release

Security Medium

hardened core with WASM-safe gating, SSRF, path-traversal, recursion caps

hardened core with WASM-safe gating, SSRF, path-traversal, recursion caps

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Full changelog

What's Changed

  • fix: harden core (WASM-safe gating, SSRF, path-traversal, recursion caps) by @0xMassi in https://github.com/0xMassi/webclaw/pull/46

Full Changelog: https://github.com/0xMassi/webclaw/compare/v0.6.2...v0.6.3

Security Fixes

  • Hardened core: added WASM‑safe gating, blocked SSRF attacks, prevented path‑traversal, and imposed recursion caps
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track 0xMassi/webclaw

Get notified when new releases ship.

Sign up free

About 0xMassi/webclaw

Web content extraction for AI agents. 10 tools: scrape, crawl, map, batch, extract, summarize, diff, brand, search, research. TLS fingerprinting bypasses anti-bot without a browser. 67% fewer tokens than raw HTML. `npx create-webclaw` auto-configures Claude, Cursor, Windsurf, Codex, OpenCode.

All releases →

Related context

Beta — feedback welcome: [email protected]