Skip to content

chernistry/bernstein

v1.6.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 4 known CVEs

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
+14 more
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

deps rce_ssrf

Summary

AI summary

Fixed an infinite CI → release loop caused by GitHub App token.

Full changelog

v1.6.0

Highlights

CLI command aliases (#391) — Type bernstein s instead of bernstein status, bernstein r instead of bernstein run. User-defined aliases via ~/.bernstein/aliases.yaml override built-ins.

Auto-release loop fix — The GitHub App token was causing an infinite CI → release → CI loop (14 spam releases in one day). Bot commits now skip both CI and auto-release.

SonarCloud security fixes — All 16 security hotspots resolved: pinned 24 GitHub Actions to SHA hashes, added HMAC verification for pickle.load, replaced shell=True with shlex.split, marked non-crypto hashes with usedforsecurity=False.

Built-in aliases

| Alias | Command |
|-------|---------|
| s | status |
| r | run |
| d | doctor |
| l | live |
| p | plan |
| c | cost |
| w | watch |
| i | init-wizard |
| st | stop |
| rc | recap |

Security

  • Pinned all GitHub Actions to immutable SHA hashes (24 workflow files)
  • HMAC-SHA256 integrity verification before pickle.load in duration predictor
  • Replaced subprocess(shell=True) with shlex.split in 4 files
  • Added usedforsecurity=False to MD5/SHA1 used for non-crypto purposes

Fixes

  • Break auto-release infinite loop (skip bot commits in CI and auto-release)
  • MCP marketplace CLI command and registry
  • Task lifecycle batch transition improvements
  • Bandit router Sherman-Morrison rank-1 inverse update optimization

Full changelog: https://github.com/chernistry/bernstein/compare/v1.5.5...v1.6.0

Security Fixes

  • Pinned all GitHub Actions to immutable SHA hashes (24 workflow files)
  • Added HMAC‑SHA256 integrity verification before `pickle.load` in duration predictor
  • Replaced `subprocess(shell=True)` with `shlex.split` in four files
  • Marked MD5/SHA1 as non‑crypto (`usedforsecurity=False`) for non‑cryptographic uses
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track chernistry/bernstein

Get notified when new releases ship.

Sign up free

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.

All releases →

Related context

Beta — feedback welcome: [email protected]