Skip to content

Nimbalyst open source Obsidian, Codex app, and Linear for coding agents

v0.64.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 11h AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agentic-ai ide wysiwyg-editor

Summary

AI summary

Claude Opus 4.8 becomes the default model with a live task‑queue panel in Claude Code.

Changes in this release

Security Medium

/clip endpoint now rejects requests from arbitrary web pages.

/clip endpoint now rejects requests from arbitrary web pages.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Feature Low

Claude Opus 4.8 is now available in Claude provider with 1M context and defaults for new installs.

Claude Opus 4.8 is now available in Claude provider with 1M context and defaults for new installs.

Source: llm_adapter@2026-06-03

Confidence: high
Feature Low

Claude Code sessions display a live task queue panel in the right sidebar.

Claude Code sessions display a live task queue panel in the right sidebar.

Source: llm_adapter@2026-06-03

Confidence: high
Feature Low

"Commit with AI" now includes relevant related files in the commit proposal.

"Commit with AI" now includes relevant related files in the commit proposal.

Source: llm_adapter@2026-06-03

Confidence: high
Feature Low

Claude Opus 4.8 becomes the default model for new installs.

Claude Opus 4.8 becomes the default model for new installs.

Source: granite4.1:30b@2026-06-03-audit

Confidence: low
Bugfix Medium

Claude Code sessions selected on Opus 4.8 now actually run on version 4.8.

Claude Code sessions selected on Opus 4.8 now actually run on version 4.8.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

AI Usage Report no longer crashes the app; Claude Code token totals are reported accurately.

AI Usage Report no longer crashes the app; Claude Code token totals are reported accurately.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Tracker tool widgets no longer crash.

Tracker tool widgets no longer crash.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Commit proposal diff previews open at normal size instead of collapsing.

Commit proposal diff previews open at normal size instead of collapsing.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Quick Open file search no longer lags while typing.

Quick Open file search no longer lags while typing.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Terminal scrollback history is preserved even with stray NUL bytes.

Terminal scrollback history is preserved even with stray NUL bytes.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Meta‑agent child sessions inherit the parent session's provider and model.

Meta‑agent child sessions inherit the parent session's provider and model.

Source: llm_adapter@2026-06-03

Confidence: high
Full changelog

June 3rd Release

New Features

  • Claude Opus 4.8 is now available in the Claude provider with 1M context, and is the default model for new installs.
  • Claude Code Task List panel — Claude Code sessions now show the agent's live task queue in the right sidebar, including status, owner, and blocked-by dependencies.

Improvements

  • Default Claude model upgraded to Opus 4.8 for new sessions. Existing sessions keep their configured model.
  • Claude Code's opus-4-7 variants remain selectable for anyone who wants to stay on the previous model.
  • "Commit with AI" now includes relevant related files in the commit proposal.

Fixed

  • Claude Code sessions selected on Opus 4.8 now actually run on 4.8.
  • The AI Usage Report no longer crashes the app, and Claude Code session token totals are now reported accurately.
  • Tracker tool widgets no longer crash.
  • Commit proposal diff previews open at their normal size again instead of collapsing to a tiny popover.
  • Quick Open file search no longer lags while typing.
  • Terminal scrollback history is preserved even when output contains a stray NUL byte.
  • Meta-agent child sessions now inherit the parent session's provider and model.
  • The local /clip endpoint now rejects requests from arbitrary web pages.

Security Fixes

  • The local /clip endpoint now rejects requests from arbitrary web pages — prevents unauthorized clipboard access
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Nimbalyst open source Obsidian, Codex app, and Linear for coding agents

Get notified when new releases ship.

Sign up free

About Nimbalyst open source Obsidian, Codex app, and Linear for coding agents

All releases →

Related context

Beta — feedback welcome: [email protected]