This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
ade
agents
claude-code
codex
copilot
developer-tools
+5 more
gemini
mobile
opencode
orchestration
pi
Affected surfaces
rce_ssrf
Summary
AI summaryShell injection, symlink escape, and pairing endpoint security hardening.
Full changelog
0.1.44 - 2026-04-03
Fixed
- Desktop app now stops the daemon cleanly before auto-update restarts.
- Disabled claude-acp and copilot providers from the agent registry.
- Keyboard focus scope resolution now checks multiple candidates for broader compatibility.
- OpenCode interrupt now reaches correct terminal state parity with tool-call flows.
- Shell injection, symlink escape, and pairing endpoint security hardening.
Security Fixes
- Shell injection, symlink escape, and pairing endpoint security hardening.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Paseo
All releases →Related context
Related tools
Beta — feedback welcome: [email protected]