This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
ReleasePort's take
Light signal: Documentation for MAESTRO/OWASP AST security mitigations added to SKILL.md in v5.5.5, covering three Agent Security Threat findings.
Why it matters: Review Security Framework Assessment documentation if Network-AI operates in security-sensitive environments. Mitigations provide baseline threat assessment guidance; treat as security posture improvement.
Summary
AI summary: Documentation added for MAESTRO/OWASP AST security mitigations.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | Added Security Framework Assessment (MAESTRO / OWASP AST) section to SKILL.md documenting mitigations for three MAESTRO Agent Security Threat findings. Source: granite4.1:8b-q6_K@2026-05-21. Confidence: high | — |
| Dependency | Medium | Version bumped to 5.5.5 across multiple files including package.json, skill.json, openapi.yaml, README.md, and others. Source: granite4.1:8b-q6_K@2026-05-21. Confidence: low | — |
Full changelog
v5.5.5 — MAESTRO / OWASP AST Framework Assessment
Type: Documentation
Date: 2026-05-17
What changed
Added a new Security Framework Assessment (MAESTRO / OWASP AST) section to SKILL.md documenting Network-AI's architectural mitigations for three MAESTRO Agent Security Threat findings:
AST03 — Over-Privileged Skills (High)
Mitigations documented: permission manifest in frontmatter (bundle_scope, network_calls: none); least-privilege resource gating with --confirm-high-risk for PAYMENTS/FILE_EXPORT; abstract-only resource labels (no external credentials); HMAC-signed grant tokens (v5.5.2); SandboxPolicy + FileAccessor path scoping; advisory-only token enforcement.
AST06 — Weak Isolation (High)
Mitigations documented: zero subprocesses / zero network calls declared in frontmatter; AgentRuntime ShellExecutor allowlist/timeout; SourceProtectionError on out-of-scope paths; NETWORK_AI_ENV environment isolation; ApprovalGate for high-risk ops; no hot-reload surface.
AST07 — Update Drift (Medium)
Mitigations documented: exact version pinning in package.json; zero transitive dependencies (Python stdlib only); signed tagged releases; Socket.dev supply chain monitoring; no auto-update mechanism; CHANGELOG.md audit trail.
Files changed
- SKILL.md: new MAESTRO/OWASP AST section added (before ClawHub findings table)
- Version bumped to 5.5.5 in package.json, skill.json, openapi.yaml, README.md, CLAUDE.md, CODEX.md, ARCHITECTURE.md, BENCHMARKS.md, AUDIT_LOG_SCHEMA.md, INTEGRATION_GUIDE.md, references/adapter-system.md, .github/copilot-instructions.md, SECURITY.md, .github/SECURITY.md, ENTERPRISE.md, CHANGELOG.md
No code changes. All tests continue to pass.
About Jovancoding/Network-AI
Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.