chernistry/bernstein

v2.5.1 Security

This release includes 1 security fix relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

auth rbac rce_ssrf

Summary

AI summary

Fixed a time-of-check to time-of-use (TOCTOU) race condition in claim_batch API pagination.

Changes in this release

Security Medium

resolve CodeQL / Semgrep / workflow code-scanning alerts

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: low

Feature Medium

unblocks post-CI dispatcher for auto-firing future patch releases

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Bugfix Medium

repair Sonar workflow_run skip and verify GlitchTip CLI path

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Bugfix Medium

scrub operator hostnames from docs and PR-comment surfaces

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Bugfix Medium

replace blocking subprocess.run and narrow bare except clauses

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: high

Bugfix Medium

pagination cap, claim_batch TOCTOU fix, list_tasks single-pass filter

Source: granite4.1:8b-q6_K@2026-05-20

Confidence: low

Full changelog

Patch release catching up 5 fixes since v2.5.0:

  • #1705 fix(security): resolve CodeQL / Semgrep / workflow code-scanning alerts
  • #1713 fix(observability): repair Sonar workflow_run skip and verify GlitchTip CLI path
  • #1718 fix(privacy): scrub operator hostnames from docs and PR-comment surfaces
  • #1726 fix(routes): replace blocking subprocess.run + narrow bare except clauses
  • #1727 fix(api): pagination cap + claim_batch TOCTOU + list_tasks single-pass filter

Plus #1730 unblocks the post-CI dispatcher so future patch releases auto-fire.

Security Fixes

  • Fix #1727 – resolved TOCTOU race condition in `claim_batch` API pagination.

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.
