This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
ai-agent
anthropic
claude-code
claude-code-plugin
cli
contribution-tracker
+6 more
developer-tools
github
github-automation
issue-discovery
pr-management
typescript
Affected surfaces
auth
rbac
Summary
AI summaryEnforce code verification in investigation agents, closing a security vulnerability.
Full changelog
1.11.0 (2026-03-27)
Features
- activate Gist persistence layer with opt-in setup, scope check, dashboard refresh, and unlink (#885) (2a1de39), closes #883
- add configurable diff viewer preference (SourceTree, VS Code, inline) (#898) (1b3825b), closes #890
- add pre-push hook to auto-run project formatter before pushing (#901) (ef7c5f9), closes #893
- dashboard: split active PRs into Need Attention and Waiting cards (#894) (d0f5986)
Bug Fixes
- check Node.js version compatibility before implementing changes (#900) (db12bd9), closes #892
- display full URLs instead of markdown links in CLI output (#897) (458b5ba), closes #889
- enforce code verification in investigation agents (#896) (8ab168f), closes #888
- enforce scope discipline — only implement what the maintainer asked for (#899) (0eec7a3), closes #891
- remove verification checkpoint — always auto-investigate before implementing (#895) (12e441f), closes #887
Security Fixes
- Enforce code verification in investigation agents — closes an unverified execution abuse vector
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About costajohnt/oss-autopilot
Open source contribution manager with PR tracking across repos, issue discovery, CI failure diagnosis, and maintainer response drafting. Available as CLI, MCP server, and Claude Code plugin.
Related context
Related tools
Beta — feedback welcome: [email protected]