
chernistry/bernstein

v1.6.8 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

rce_ssrf

Summary

AI summary

Added a real-time cost-per-line-of-code efficiency endpoint.

Full changelog

v1.6.8

Code quality

Resolved all SonarCloud BLOCKER and CRITICAL issues across the codebase.

  • 29 BLOCKER fixes — removed redundant response_model params in FastAPI routes (tasks, agents, SBOM), switched to Annotated type hints for dependency injection, fixed a method that always returned the same value
  • Cognitive complexity reduction — refactored 34 functions across 30+ modules from CC 20-85 down to <15, extracting focused helper functions while preserving all behavior
  • Duplicate string literals — extracted 80+ repeated strings into module-level constants across i18n, agent_trust, seed, compliance_policies, cost, grpc_server, hipaa, and TUI
  • Test correctness — fixed 10 method signature mismatches in adapter overrides, 4 wrong argument types, and 2 logic issues in tests

Security

  • Hardened 25 regex patterns against ReDoS (catastrophic backtracking)
  • Added Zip Slip path traversal validation for archive extraction
  • Addressed all 65 SonarCloud security hotspots (code fixes + safe annotations)
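One way to implement the Zip Slip validation listed above, as an added Python example that is not bernstein's own code: each archive member is resolved against the destination directory and checked with commonpath before anything is written, so a hostile archive is refused outright instead of being partially extracted. The two archives in demo() are constructed inline; no project paths or APIs are assumed.

```python
import os
import tempfile
import zipfile


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True if extracting member_name into dest_dir cannot escape dest_dir."""
    # Absolute paths and drive letters would ignore dest_dir entirely.
    if os.path.isabs(member_name) or os.path.splitdrive(member_name)[0]:
        return False
    dest = os.path.realpath(dest_dir)
    # realpath collapses "..", "." and mixed separators before the prefix test;
    # commonpath avoids the classic "/tmp/out" vs "/tmp/outside" prefix bug.
    target = os.path.realpath(os.path.join(dest, member_name))
    return os.path.commonpath([dest, target]) == dest


def safe_extract(zip_path: str, dest_dir: str) -> list[str]:
    """Extract zip_path into dest_dir, refusing the whole archive on Zip Slip."""
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
        # Validate every member first so a bad archive leaves no partial output.
        bad = [n for n in names if not is_safe_member(dest_dir, n)]
        if bad:
            raise ValueError(f"Zip Slip attempt refused: {bad}")
        zf.extractall(dest_dir)
    return names


def demo() -> dict:
    """Run safe_extract on a benign and a constructed Zip Slip archive."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good, bad, out = (os.path.join(tmp, p) for p in ("good.zip", "bad.zip", "out"))
        with zipfile.ZipFile(good, "w") as zf:  # constructed benign archive
            zf.writestr("docs/readme.txt", "hello")
        with zipfile.ZipFile(bad, "w") as zf:  # constructed Zip Slip archive
            zf.writestr("docs/readme.txt", "hello")
            zf.writestr("../escaped.txt", "owned")  # would land in tmp, outside out/
        results["good"] = safe_extract(good, out)
        try:
            safe_extract(bad, out)
            results["bad"] = "extracted"
        except ValueError:
            results["bad"] = "refused"
        results["wrote_file"] = os.path.exists(os.path.join(out, "docs", "readme.txt"))
        results["escaped_file"] = os.path.exists(os.path.join(tmp, "escaped.txt"))
    return results
```

The stdlib's extractall already strips leading separators and ".." components from member names, but it does so silently by rewriting the path; the explicit check above turns the same condition into a refusal that can be logged and alerted on.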

External contribution

  • Merged PR #724 by @vbhavh — real-time cost-per-line-of-code efficiency metric (/costs/efficiency endpoint)


About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.
