This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+9 more
ReleasePort's take
Light signalv4.1.1 fixes duplicate assistant replies by deferring background task wakes until the parent session is idle. The release also includes continuation stability improvements and prohibits tmux kill-server in interactive bash.
Why it matters: Duplicate assistant replies from background tasks corrupt conversation flow. Upgrade to patch this issue and gain continuation stability improvements plus tmux security hardening.
Summary
AI summaryFixed duplicate assistant replies by deferring background wakes until the parent session is idle.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Interactive bash prohibits tmux kill-server Interactive bash prohibits tmux kill-server Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Background tasks defer waking active parent sessions Background tasks defer waking active parent sessions Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Stale idle events prevented from starting overlapping replies Stale idle events prevented from starting overlapping replies Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Continuation resumes marked as synthetic Continuation resumes marked as synthetic Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Background tasks wait for parent session to become idle before waking it Background tasks wait for parent session to become idle before waking it Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
| Bugfix | Medium |
Continuation hooks re‑check session activity before injecting prompts Continuation hooks re‑check session activity before injecting prompts Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
Full changelog
More Reliable Background Wakeups
Background tasks now wait for the parent session to actually become idle before waking it with completion results. This prevents duplicate assistant replies when a background task finishes while the main conversation is still running.
Safer Continuation Hooks
Team wake hints, Atlas continuations, Ralph loops, todo continuation, and unstable-agent babysitting now all re-check session activity before injecting internal prompts. Stale idle events should no longer start overlapping replies.
Tighter Safety Guards
This patch also keeps synthetic continuation resumes marked correctly and blocks dangerous interactive shell server shutdowns.
- 3b4d2431 fix(hooks): guard stale idle prompts
- a337635e fix(background-agent): defer active parent wakes
- 0b99168b @EmiyaKiritsugu3 has signed the CLA in code-yeongyu/oh-my-openagent#3990
- 39fb0143 Merge pull request #3986 from code-yeongyu/fix/continuation-message-dispatch
- 36f51ddb fix(continuation): mark fallback resumes synthetic
- 1189b96d fix(continuation): mark atlas resumes synthetic
- e49ba947 chore(deps): refresh platform lock entries
- 38b1433f fix(continuation): mark resumes synthetic
- 3f922643 fix(interactive-bash): prohibit tmux kill-server
- 286f5ccf when publish always discord
Security Fixes
- Prohibited interactive bash server shutdown via `tmux kill-server`
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Earlier breaking changes
Beta — feedback welcome: [email protected]