graphify

v0.8.14 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 14d RAG & Retrieval

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

antigravity claude-code codex gemini graphrag knowledge-graph

+5 more

leiden openclaw llm skills tree-sitter

Affected surfaces

rce_ssrf

Summary

AI summary

Fixed Wiki crash on stale node IDs, honored .gitignore when no .graphifyignore exists, added --exclude flag for runtime exclusions, skipped .worktrees/ directories, and corrected NAT64 SSRF false‑positive.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	NAT64 SSRF false-positive fixed; hosts like arxiv.org on IPv6-only networks resolving via RFC 6052 NAT64 are no longer incorrectly blocked as reserved IPs. NAT64 SSRF false-positive fixed; hosts like arxiv.org on IPv6-only networks resolving via RFC 6052 NAT64 are no longer incorrectly blocked as reserved IPs. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	New CLI flag --exclude added to pass extra gitignore-style exclusion patterns at runtime without modifying .graphifyignore. New CLI flag --exclude added to pass extra gitignore-style exclusion patterns at runtime without modifying .graphifyignore. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix
Bugfix	Medium	Wiki crash on stale node IDs is fixed; to_wiki() no longer crashes with TypeError when community node IDs are stale after dedup or re-extract. Wiki crash on stale node IDs is fixed; to_wiki() no longer crashes with TypeError when community node IDs are stale after dedup or re-extract. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix	Medium	.gitignore fallback implemented; when no .graphifyignore exists, .gitignore patterns are now honoured. .gitignore fallback implemented; when no .graphifyignore exists, .gitignore patterns are now honoured. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix	Medium	Git worktree sibling checkouts inside .worktrees/ are skipped and no longer indexed as duplicate source. Git worktree sibling checkouts inside .worktrees/ are skipped and no longer indexed as duplicate source. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Bugfix	Medium	`to_wiki()` no longer crashes with `TypeError` on stale node IDs; drops them silently and warns. `to_wiki()` no longer crashes with `TypeError` on stale node IDs; drops them silently and warns. Source: granite4.1:30b@2026-05-20-audit Confidence: low	—
Bugfix	Low	Fallback to `.gitignore` when no `.graphifyignore` is present; `.graphifyignore` still takes precedence if both exist. Fallback to `.gitignore` when no `.graphifyignore` is present; `.graphifyignore` still takes precedence if both exist. Source: granite4.1:30b@2026-05-20-audit Confidence: low	—

Full changelog

What's fixed

Wiki crash on stale node IDs — to_wiki() no longer crashes with TypeError when community node IDs are stale after dedup or re-extract. Stale IDs are silently dropped with a stderr warning; raises a clear error only if every ID is stale (#936)
.gitignore fallback — when no .graphifyignore exists, .gitignore patterns are now honoured. .graphifyignore still takes precedence when both are present (#945)
--exclude flag — new CLI flag to pass extra gitignore-style exclusion patterns at runtime without modifying .graphifyignore (#947)
.worktrees/ skipped — git worktree sibling checkouts inside .worktrees/ are no longer indexed as duplicate source (#947)
NAT64 SSRF false-positive fixed — hosts like arxiv.org on IPv6-only networks that resolve via RFC 6052 NAT64 (64:ff9b::/96) were incorrectly blocked as reserved IPs

Upgrade

uv tool upgrade graphifyy
# or
pip install --upgrade graphifyy

Security Fixes

NAT64 SSRF false‑positive fixed: hosts resolving via RFC 6052 NAT64 (e.g., arxiv.org on IPv6‑only networks) no longer blocked as reserved IPs

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track graphify

Get notified when new releases ship.

About graphify

AI coding assistant skill (Claude Code, Codex, OpenCode, Cursor, Gemini CLI, OpenClaw, Factory Droid, Trae). Turn any folder of code, docs, papers, images, videos, or YouTube links into a queryable knowledge graph

All releases →

Related context

Related tools

Earlier breaking changes

v0.8.18 Breaks Java `extends` edges; they are renamed to `inherits`. Update queries filtering on `relation="extends"` for Java nodes.