
Acacian/aegis

v0.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2 months ago. Category: MCP Security & Auth
This release patches 1 known CVE

Topics: agent-security, ai-agent-security, ai-agents, ai-governance, ai-safety, ai-security, audit-trail, compliance, guardrails, langchain, llm-security, mcp, mcp-security, model-context-protocol, pii-detection, policy-as-code, policy-engine, policy-testing, prompt-injection, selection-governance

Affected surfaces: auth, rce_ssrf

Summary (AI-generated)

Added eight new MCP security modules and fixed eighteen vulnerability issues.

Full changelog

MCP Security Modules & Security Hardening

New Features

  • 8 MCP security modules: response scanning, escalation detection, shadow detection, rate limiting, consent protocol, transport validation, security reports, audit dashboard
  • LangChain indirect prompt injection PoC demo
  • MCP security positioning pivot + retention mechanisms

Security

  • 18 vulnerability fixes: fail-closed defaults, API auth enforcement, data sanitization, SSRF/ReDoS/TOCTOU protection
  • URL sanitization + Streamlit CVE fix

Testing & Quality

  • Test coverage 87% → 91%+ (audit backends, instrument modules, pydantic_ai, patch_openai all at 100%)
  • Pre-commit framework integration (ruff lint + format + suspicious file blocker)

CI/DX

  • Upgraded ruff pre-commit hook (v0.3.0 → v0.11.2)
  • Claude Code hooks: auto-format on edit, pre-commit lint gate, pre-push CI gate
  • Skip MCP-dependent tests gracefully when MCP not installed

Full Changelog: https://github.com/Acacian/aegis/compare/v0.5.0...v0.6.0

Security Fixes

  • 18 vulnerability fixes, including fail-closed defaults, API auth enforcement, data sanitization, SSRF/ReDoS/TOCTOU protection, and URL sanitization for the Streamlit CVE


About Acacian/aegis

Policy-based governance for AI agent tool calls. YAML policies, approval gates, risk assessment, and audit logging. Cross-platform: LangChain, OpenAI, Anthropic, MCP.
