Skip to content

escapeboy/agent-fleet-o

v1.12.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 2mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

agent-orchestration agentic-ai ai-agents ai-automation autonomous-agents claude
+14 more
crewai-alternative langgraph-alternative laravel livewire llm-workflow mcp-server model-context-protocol multi-agent n8n-alternative ollama openai php self-hosted workflow-automation

Affected surfaces

auth rbac

Summary

AI summary

Thinking budget bounds, container isolation, PNG validation security fixes.

Full changelog

What's changed

  • chore: release v1.12.0 — crew dependencies, memory graph retrieval, tool RAG, code intelligence (5d20262)
  • fix(security): address 8 issues from security review (ce3724d)
  • fix: guard GIN index behind pgsql driver check; update resolver tests to use UUIDs (d62836a)
  • feat(code-intel): 4 MCP tools — code_search, code_structure, code_call_chain, code_skim_file + AgentFleetServer registration (83e390a)
  • feat(crew/tool/kg/code): Round 2 — auto-unblocking, ToolRagSelector integration, Memory graph search modes, code intelligence services (15d09e4)
  • feat(crew/kg/tool/code): foundation layer — DependencyGraph, KGTraversal, ToolRagSelector, code intelligence migrations (47ce591)
  • fix(skill): QA security fixes — tenant isolation + env() cleanup (d023152)
  • feat(skill): OpenSpace-inspired self-evolving skill engine (a67b9e9)
  • feat: Langfuse config via MCP tool + REST API (57420c6)
  • fix(security): thinking_budget bounds, container state isolation, PNG validation (8b699f2)
  • fix(artifacts): image mime/extension, thinking_budget in workflow steps (b6bb80e)
  • feat(agent): computer_use tool kind, thinking budget, screenshot artifacts (7a8b179)
  • fix(ai-gateway): remove cloud fallback for bridge_agent — fail fast instead of hallucinating (8794b0b)
  • fix: MCP and API coverage for v1.11.0 features (706cbc5)
  • fix(workflow): sanitize imported JSON nodes/edges — validate type and team-owned entity UUIDs (46a9a1f)
  • fix(crew): quality_gate convergence allows synthesis to proceed — QA score check is post-synthesis (7869108)
  • feat(workflow,crew): SLANG-inspired improvements — convergence, budget cap, schema editor, graph overlay (68e287e)
  • fix(bridge): clear stale endpoint_url when relay re-registers WebSocket connection (a55c484)
  • feat(bridge): UI for HTTP tunnel connect + ping in team settings (a1a136f)
  • feat(bridge): HTTP tunnel mode — connect via endpoint URL instead of relay (252e546)
  • ci: switch to self-hosted runner (7c72298)

Upgrade

git fetch --tags origin
git checkout tags/v1.12.0
composer install --no-dev --optimize-autoloader
php artisan migrate --force
php artisan optimize

Docker users: Pull the latest image and restart your containers.

Security Fixes

  • Thinking_budget bounds enforcement
  • Container state isolation hardening
  • PNG input validation to prevent malformed image exploits
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track escapeboy/agent-fleet-o

Get notified when new releases ship.

Sign up free

About escapeboy/agent-fleet-o

AI Agent Mission Control with 200+ MCP tools. Manage agents, experiments, workflows, crews, skills, and more via stdio + HTTP/SSE. Self-hosted, open-source (AGPL-3.0)

All releases →

Related context

Beta — feedback welcome: [email protected]