great_cto

v2.65.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agentic-coding claude-code-plugin claude-code-skills claude-code-subagents code-review cto

+2 more

multi-agent sdlc

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 2d

Release v2.65.1 adds a same‑origin guard that blocks cross‑origin POST/PUT/PATCH/DELETE requests on mutation API endpoints, returning a 403 response.

Why it matters: The new same‑origin guard mitigates CSRF attacks on mutation endpoints; any cross‑origin request to these APIs will be rejected with a 403 status code.

Summary

AI summary

Same-origin guard added to prevent CSRF on mutation endpoints.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Adds same-origin guard to prevent CSRF on mutation endpoints (403 for cross-origin POST/PUT/PATCH/DELETE). Adds same-origin guard to prevent CSRF on mutation endpoints (403 for cross-origin POST/PUT/PATCH/DELETE). Source: llm_adapter@2026-06-10 Confidence: high	—

Full changelog

Fixes from a project health audit.

Security (CSRF) — the board set Access-Control-Allow-Origin: * with no Origin check on most mutation endpoints; a page the user visits could POST to localhost and approve an autopilot gate (→ run an irreversible connector write), approve a dev gate, or mutate tasks. Added a same-origin guard on every POST/PUT/PATCH/DELETE (exempting the HMAC-authenticated /api/autopilot/ingest webhook). Cross-origin mutations → 403; reads, same-origin, and CLI calls unaffected.
Tests — packs-integration was red (2 fail): the reviewer test now parses PACK_REVIEWERS dynamically and the overlay harness gained the 4 missing packs. 5/5.
Lint — agent-prompt-lint mis-read YAML block scalars (description: |) as 1 char → 3 false errors (exit 1). Now parses |/> block bodies; exit 0.

No regression: lib 348/348, hooks 63/63, board-gate 5/5, tsc 0.

Security Fixes

Added same-origin guard to all POST/PUT/PATCH/DELETE endpoints (except /api/autopilot/ingest) preventing CSRF attacks that could approve autopilot/dev gates or mutate tasks.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track great_cto

Get notified when new releases ship.

About great_cto

Engineering-management layer of 34 specialist AI agents covering the full SDLC (architect, PM, senior-dev, reviewer, QA, security, devops, L3-support + 18 archetype-specific reviewers) with auto-detected archetypes and compliance gates (PCI-DSS, HIPAA, FedRAMP, GDPR, EU AI Act). Runs in Claude Code, Cursor, Codex CLI, Aider, and Continue via AGENTS.md + MCP. MIT.

All releases →

Related context

Related tools

Earlier breaking changes

v2.55.0 Hard-gates the Build board; redirects invite sessions to Operate for operators.
v2.43.0 Runtime now blocks autonomous execution of irreversible actions without prior human checkpoint.
v2.43.0 Adds reversible and blastRadius fields to every flow step.
v2.32.0 Removed AgentShield scanner and its CLI commands.