Skip to content

chernistry/bernstein

v1.6.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
+14 more
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

rce_ssrf

Summary

AI summary

Path traversal hardening secures server routes against workspace root violations.

Full changelog

v1.6.2

Security

  • Path traversal hardening — server routes that accept file paths now validate against the workspace root before any filesystem operation.
  • Resolved 3 SonarCloud security hotspots: hardcoded test IPs replaced with 127.0.0.1 constants, assertion-based auth checks converted to explicit if guards.

Fixed

  • 4 reliability bugs in test assertions flagged by SonarCloud (float equality without tolerance in test_task_splitter, test_token_budget_compaction).
  • Skip duplicate cost-confirmation prompt when plan approval already covers the budget question.

Full changelog: https://github.com/chernistry/bernstein/compare/v1.6.1...v1.6.2

Security Fixes

  • Path traversal hardening — server routes now validate file paths against the workspace root before any filesystem operation.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track chernistry/bernstein

Get notified when new releases ship.

Sign up free

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.

All releases →

Related context

Beta — feedback welcome: [email protected]