Nystik-gh/ignis

v0.8.3+obsidian.1.12.7 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Affected surfaces

auth rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 2d

The WebSocket message handler security issue has been fixed in this release.

Why it matters: Addresses a critical (severity 90) vulnerability affecting the WebSocket message handler; operators should update to v0.8.3+obsidian.1.12.7 immediately.

Summary

AI summary

Security issue in the WebSocket message handler was fixed.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Security issue in the WebSocket message handler fixed. Security issue in the WebSocket message handler fixed. Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Low	Added `WS_ORIGINS` env variable for WebSocket origin allowlist. Added `WS_ORIGINS` env variable for WebSocket origin allowlist. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Tables in live preview edit mode no longer appear "squished" in Firefox. Tables in live preview edit mode no longer appear "squished" in Firefox. Source: llm_adapter@2026-06-01 Confidence: high	—
Refactor
Refactor	Low	Consolidated WebSocket connection into exposed Ignis API used by bridge and virtual plugins. Consolidated WebSocket connection into exposed Ignis API used by bridge and virtual plugins. Source: llm_adapter@2026-06-01 Confidence: high	—
Refactor	Low	Bridge now loads entirely virtually without disk installation. Bridge now loads entirely virtually without disk installation. Source: llm_adapter@2026-06-01 Confidence: high	—
Refactor	Low	Server plugin "companions" now load and manage as virtual plugins without disk installation. Server plugin "companions" now load and manage as virtual plugins without disk installation. Source: llm_adapter@2026-06-01 Confidence: high	—
Refactor	Low	Improved versioning with a single source of truth. Improved versioning with a single source of truth. Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

Docker: nobbe/ignis:0.8.3 (also tagged latest)

Further overhaul in structure.

Changed

Consolidated the WebSocket connection into an exposed Ignis API that the bridge and virtual plugins use alike. (partly addresses #10)
Refactored the bridge to load entirely virtually; it no longer installs as a plugin on disk.
Refactored server plugin "companions" to load and be managed as virtual plugins. No longer installed into vaults on disk.
Improved versioning, now with a single source of truth.

Added

WS_ORIGINS origin allowlist env variable for increased security.

Fixed

Security issue in the WebSocket message handler.
Tables in live preview edit mode no longer appear "squished" in Firefox. (closes #17)

Security Fixes

Fixed security issue in the WebSocket message handler

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Nystik-gh/ignis

Get notified when new releases ship.

About Nystik-gh/ignis

All releases →