This release includes 1 security fix for security teams reviewing exposed deployments.
Published 1mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agent
agent-os
ai
ai-agents
chatops
claude
+11 more
claude-code
codex
devtools
discord-bot
lark-bot
llm
local-first
opencode
slack-bot
vibe-coding
wechat
Affected surfaces
deps
Summary
AI summaryUpdated frontend dependencies to fix a vulnerability.
Full changelog
Highlights
- You can now wait on GitHub Actions directly from
watch, with faster failure reporting when a workflow cannot start. - Fixed a regression that could cause idle CPU spinning during Claude cleanup, reducing unnecessary background resource usage.
- Fixed Codex image-generation flows so generated images are delivered reliably, image paths are clearer, and hidden turn indicators are preserved.
- Improved model selection by prioritizing GPT-5.5 in the Codex model list.
Changes
Added
- Add a GitHub Actions waiter to
watchfor tracking workflow runs (#221).
Changed
- Prioritize GPT-5.5 in the Codex model list (#218).
- Upgrade the Claude agent SDK (#220).
Fixed
- Stop idle CPU spinning during Claude cleanup regression (#216).
- Link release notifications in update flows (#217).
- Deliver generated images in Codex responses and emit generated image file URIs (#219).
- Preserve hidden turn indicators in Codex image-generation flows (#219).
- Clarify and guide generated image paths in Codex, including expanded prompt path handling (#223).
- Scope Codex image prompts and snapshots correctly to avoid cross-turn/session leakage.
- Handle resumed image turns and harden/clear image fallback behavior in Codex.
- Normalize Windows file URIs in replies.
- Preserve replacement session state for agents during receiver handoff.
- Keep receivers tracked correctly during disconnect and hide stale receivers during cleanup.
- Defer receiver disconnect until safe, exit receivers after auth cleanup, and drain/swallow cleanup failures more safely.
- Fail fast on GitHub Actions startup errors and clamp action polling by request count.
Security
- Update vulnerable frontend dependencies (#222).
Full Changelog: https://github.com/cyhhao/vibe-remote/compare/v2.2.13...v2.2.14
Highlights
- 现在你可以直接通过
watch等待 GitHub Actions 运行结果,并且在工作流启动失败时能更快收到错误反馈。 - 修复了 Claude 清理流程中的回归问题,避免空闲时 CPU 异常空转,降低后台资源占用。
- 修复了 Codex 图片生成相关流程:生成的图片现在可以稳定返回,图片路径提示更清晰,同时能保留隐藏的回合指示器。
- 优化了模型选择顺序,Codex 模型列表现在会优先展示 GPT-5.5。
Changes
Added
- 为
watch新增 GitHub Actions 等待能力,可用于跟踪工作流运行状态 (#221)。
Changed
- 将 Codex 模型列表中的 GPT-5.5 提升为更高优先级 (#218)。
- 升级 Claude 的 agent SDK (#220)。
Fixed
- 修复 Claude 清理流程导致空闲 CPU 空转的回归问题 (#216)。
- 修复更新通知中的版本发布链接 (#217)。
- 修复 Codex 响应中的图片生成交付问题,并补充生成图片的文件 URI 输出 (#219)。
- 修复 Codex 图片生成流程中隐藏回合指示器被破坏的问题 (#219)。
- 优化 Codex 的生成图片路径提示与目录说明,并补充更明确的 prompt 路径处理 (#223)。
- 修复 Codex 图片 prompt 与快照的作用域,避免跨回合或跨会话串扰。
- 修复 Codex 恢复图片回合时的处理逻辑,并增强/清理图片回退机制。
- 修复回复中的 Windows 文件 URI 规范化问题。
- 修复 agents 在接管会话时替换会话状态丢失的问题。
- 修复 receiver 断开连接时的跟踪与清理逻辑,避免陈旧 receiver 残留显示。
- 改进 receiver 清理与断开流程:在安全时机再断开、认证清理后正确退出,并更稳妥地处理清理失败。
- 修复 GitHub Actions 启动失败时不能及时报错的问题,并限制轮询请求次数。
Security
- 更新存在漏洞的前端依赖 (#222)。
Full Changelog: https://github.com/cyhhao/vibe-remote/compare/v2.2.13...v2.2.14
Security Fixes
- Update vulnerable frontend dependencies (#222)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Avibe
All releases →Related context
Related tools
Beta — feedback welcome: [email protected]