Skip to content

InsForge

v2.0.2 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 2mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

ai ai-agents coding deno embeddings insforge
+7 more
nextjs oauth2 pgvector postgresql realtime vectors websockets

Affected surfaces

auth crypto_tls

Summary

AI summary

Patch security vulnerabilities (qs, handlebars) and upgrade Express.

Full changelog

What's Changed

  • Add Trendshift badge to README by @tonychang04 in https://github.com/InsForge/InsForge/pull/831
  • chore: fix all failing unit tests and add frontend test infrastructure by @mdp in https://github.com/InsForge/InsForge/pull/829
  • phased-build image by @jwfing in https://github.com/InsForge/InsForge/pull/830
  • Add server client type by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/834
  • Refactor/docker no deno by @jwfing in https://github.com/InsForge/InsForge/pull/833
  • Fix path-to-regexp wildcard route compatibility by @aalhadxx in https://github.com/InsForge/InsForge/pull/840
  • Upgrade GitHub Actions for Node 24 compatibility by @salmanmkc in https://github.com/InsForge/InsForge/pull/853
  • Upgrade GitHub Actions to latest versions by @salmanmkc in https://github.com/InsForge/InsForge/pull/854
  • feat/realtime: implemented channel creation flow by @prakharsingh-74 in https://github.com/InsForge/InsForge/pull/838
  • Add secret reveal and copy controls by @benzaid32 in https://github.com/InsForge/InsForge/pull/871
  • feat(auth): make providers column badges responsive to column width by @abdur4code in https://github.com/InsForge/InsForge/pull/877
  • docs: fix inconsistent ampersand escaping in Japanese README by @AbdulWasih05 in https://github.com/InsForge/InsForge/pull/881
  • fix(security): use pg-format identifier quoting for table name interpolation by @babuClawd in https://github.com/InsForge/InsForge/pull/869
  • fix(storage): prevent FilePreviewDialog content and actions from overflowing dialog by @adi-rajput in https://github.com/InsForge/InsForge/pull/886
  • fix(security): harden encryption and prevent path traversal in storage by @RinZ27 in https://github.com/InsForge/InsForge/pull/839
  • docs: Add AWS config env vars and improve JSDoc comments by @hiSandog in https://github.com/InsForge/InsForge/pull/865
  • fix(database): add authentication middleware to records and RPC routes by @gokul-hastrophil in https://github.com/InsForge/InsForge/pull/899
  • fix(#898 logs): enable pagination on main logs page by @happyaaa in https://github.com/InsForge/InsForge/pull/900
  • fix: enable MCP logs pagination with correct display by @bbddbb1 in https://github.com/InsForge/InsForge/pull/888
  • Fix bug in MCP logs page by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/915
  • fix(frontend): persist tables column widths across navigation and sch… by @rickyyyxu in https://github.com/InsForge/InsForge/pull/867
  • Feat: Add Automatic Retention / Recycling for Realtime Messages by @prakharsingh-74 in https://github.com/InsForge/InsForge/pull/885
  • fix: warn on missing ENCRYPTION_KEY to prevent data loss during JWT_SECRET rotation by @JeevaAnanthV in https://github.com/InsForge/InsForge/pull/906
  • docs: remove outdated i18n translations by @AbdulWasih05 in https://github.com/InsForge/InsForge/pull/923
  • Add Realtime messages retention by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/929
  • fix issues on an all-new environment by @jwfing in https://github.com/InsForge/InsForge/pull/931
  • fix: prevent admin session cookie overwrite when adding a user (#808) by @marsii1017 in https://github.com/InsForge/InsForge/pull/894
  • Fix admin create user by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/933
  • fix: escape LIKE wildcards in storage listObjects search and prefix params by @JeevaAnanthV in https://github.com/InsForge/InsForge/pull/904
  • Remove any types by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/936
  • add target for product build by @jwfing in https://github.com/InsForge/InsForge/pull/942
  • fix(frontend): add missing DialogDescription for dialog accessibility by @babuClawd in https://github.com/InsForge/InsForge/pull/926
  • feat(database): add adjustable pagination limit for table view by @Coder-Joe458 in https://github.com/InsForge/InsForge/pull/893
  • fix: clamp negative offset/limit params to prevent 500 errors (closes #919) by @JeevaAnanthV in https://github.com/InsForge/InsForge/pull/920
  • lock exp to 4.x by @jwfing in https://github.com/InsForge/InsForge/pull/947
  • fix: ensure correct ordering of DB and provider ops in bucket create/delete by @JeevaAnanthV in https://github.com/InsForge/InsForge/pull/908
  • feat(ui): unify empty states across DataGrid pages by @aanandkamal709-pixel in https://github.com/InsForge/InsForge/pull/946
  • fix(login): replace hardcoded colors with semantic theme tokens by @abdur4code in https://github.com/InsForge/InsForge/pull/950
  • fix: Add pagination to Function runtime logs by @Sigmabrogz in https://github.com/InsForge/InsForge/pull/941
  • feat(storage): add Storage Settings dialog and configurable max upload size (#940) by @Davidson3556 in https://github.com/InsForge/InsForge/pull/945
  • Add Custom OAuth Provider to authentication methods by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/927
  • Fix migration file numbers by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/963
  • feat(ai): add BYOK support for AI Model Gateway OpenRouter keys (#882) by @Abh1shxkk in https://github.com/InsForge/InsForge/pull/928
  • fix(settings): add rotate API key button to Settings Menu Dialog by @abhigyan1102 in https://github.com/InsForge/InsForge/pull/960
  • Add edge function management actions by @benzaid32 in https://github.com/InsForge/InsForge/pull/948
  • fix(docker): build shared-schemas and ui before starting dev server by @Coder-Joe458 in https://github.com/InsForge/InsForge/pull/980
  • fix: remove mock data from deployments env var service by @Abh1shxkk in https://github.com/InsForge/InsForge/pull/975
  • Support bulk env var input and .env paste parsing in Deployments by @powxenv in https://github.com/InsForge/InsForge/pull/983
  • Add custom domain support by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/967
  • docs: add gitcgr code graph badge by @vitali87 in https://github.com/InsForge/InsForge/pull/994
  • Feat byok openrouter by @CarmenDou in https://github.com/InsForge/InsForge/pull/966
  • fix(storage): prevent baseDir deletion via invalid bucket names by @NSTKrishna in https://github.com/InsForge/InsForge/pull/944
  • fix: widen Model column in Gateway UI to prevent truncated names (#999) by @Davidson3556 in https://github.com/InsForge/InsForge/pull/1001
  • fix(docker): set correct ownership on storage and logs volume dirs by @tonychang04 in https://github.com/InsForge/InsForge/pull/1006
  • fix: patch undici and fast-xml-parser vulnerabilities by @jwfing in https://github.com/InsForge/InsForge/pull/1007
  • Add allowed redirect URLs & remove hosted auth by @CarmenDou in https://github.com/InsForge/InsForge/pull/996
  • fix: rate limit Vercel file uploads to prevent 429 errors by @tonychang04 in https://github.com/InsForge/InsForge/pull/1009
  • UI Refinement by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1010
  • fix: pin Express to v4 and remove arm64 Docker build by @tonychang04 in https://github.com/InsForge/InsForge/pull/1011
  • fix: use native ARM runner for multi-arch Docker build by @tonychang04 in https://github.com/InsForge/InsForge/pull/1013
  • fix: upgrade express to ^4.22.0 to resolve qs CVE-2025-15284 by @jwfing in https://github.com/InsForge/InsForge/pull/1017
  • fix: disable auto-generated latest tag in multi-arch Docker build by @tonychang04 in https://github.com/InsForge/InsForge/pull/1018
  • fix: patch handlebars CVE-2026-33916 via npm override by @jwfing in https://github.com/InsForge/InsForge/pull/1019
  • fix: optimize Dockerfile layer caching to reduce image pull sizes by @tonychang04 in https://github.com/InsForge/InsForge/pull/1022
  • add OSS skills by @Fermionic-Lyu in https://github.com/InsForge/InsForge/pull/1015
  • Fix Gemini embedding default dimensions: 768 → 3072 by @tonychang04 in https://github.com/InsForge/InsForge/pull/1026
  • fix: harden SECURITY DEFINER functions and RLS policy by @jwfing in https://github.com/InsForge/InsForge/pull/1027
  • docs: update quickstart to use InsForge CLI by @jwfing in https://github.com/InsForge/InsForge/pull/1025
  • Release 2.0.2 by @jwfing in https://github.com/InsForge/InsForge/pull/1028

New Contributors

  • @mdp made their first contribution in https://github.com/InsForge/InsForge/pull/829
  • @aalhadxx made their first contribution in https://github.com/InsForge/InsForge/pull/840
  • @salmanmkc made their first contribution in https://github.com/InsForge/InsForge/pull/853
  • @abdur4code made their first contribution in https://github.com/InsForge/InsForge/pull/877
  • @AbdulWasih05 made their first contribution in https://github.com/InsForge/InsForge/pull/881
  • @babuClawd made their first contribution in https://github.com/InsForge/InsForge/pull/869
  • @adi-rajput made their first contribution in https://github.com/InsForge/InsForge/pull/886
  • @RinZ27 made their first contribution in https://github.com/InsForge/InsForge/pull/839
  • @hiSandog made their first contribution in https://github.com/InsForge/InsForge/pull/865
  • @gokul-hastrophil made their first contribution in https://github.com/InsForge/InsForge/pull/899
  • @happyaaa made their first contribution in https://github.com/InsForge/InsForge/pull/900
  • @bbddbb1 made their first contribution in https://github.com/InsForge/InsForge/pull/888
  • @rickyyyxu made their first contribution in https://github.com/InsForge/InsForge/pull/867
  • @JeevaAnanthV made their first contribution in https://github.com/InsForge/InsForge/pull/906
  • @marsii1017 made their first contribution in https://github.com/InsForge/InsForge/pull/894
  • @Coder-Joe458 made their first contribution in https://github.com/InsForge/InsForge/pull/893
  • @aanandkamal709-pixel made their first contribution in https://github.com/InsForge/InsForge/pull/946
  • @Sigmabrogz made their first contribution in https://github.com/InsForge/InsForge/pull/941
  • @Abh1shxkk made their first contribution in https://github.com/InsForge/InsForge/pull/928
  • @abhigyan1102 made their first contribution in https://github.com/InsForge/InsForge/pull/960
  • @powxenv made their first contribution in https://github.com/InsForge/InsForge/pull/983
  • @vitali87 made their first contribution in https://github.com/InsForge/InsForge/pull/994
  • @NSTKrishna made their first contribution in https://github.com/InsForge/InsForge/pull/944

Full Changelog: https://github.com/InsForge/InsForge/compare/v2.0.1...v2.0.2

Security Fixes

  • CVE-2025-15284 — upgrade express to ^4.22.0 (qs vulnerability)
  • CVE-2026-33916 — patch handlebars via npm override
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track InsForge

Get notified when new releases ship.

Sign up free

About InsForge

All releases →

Related context

Earlier breaking changes

  • v2.1.8 Restricts raw SQL permission to project_admin role only.

Beta — feedback welcome: [email protected]