This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
CLI & Terminal
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agentic-ai
ai-agent
ai-agents
ai-coding
browser-automation
claude
+12 more
claude-code
coding-agent
developer-tools
electron
gemini
mcp-server
multi-agent
powershell
terminal-multiplexer
tmux
tmux-alternative
windows
Affected surfaces
auth
rbac
rce_ssrf
Summary
AI summaryCDP browser automation enables reliable Electron webview interaction with input handling and screenshot capture.
Full changelog
wmux v2.0.0
Major release with CDP browser automation, security hardening, and daemon process.
New Features
Browser Automation via CDP
- All browser tools now work reliably with Electron webviews via Chrome DevTools Protocol
- browser_click, browser_fill, browser_type use CDP Input events (handles CJK, React controlled inputs)
- browser_screenshot uses CDP Page.captureScreenshot (no more timeouts)
- browser_evaluate uses CDP Runtime.evaluate with userGesture mode
Security Hardening
- Token auth on all IPC pipes, SSRF protection, input sanitization
- CDP port randomization, memory pressure watchdog
- Dangerous pattern warnings, env var blocklist, file permission hardening
Daemon Process
- Background session management with suspend/resume and auto-recovery
- Dead session TTL reaping, process monitoring watchdog
Workspace Reset
- Settings > General > one-click reset for all workspaces
npm
npm install -g @wong2kim/[email protected]
Full Changelog
https://github.com/openwong2kim/wmux/compare/v1.1.2...v2.0.0
Security Fixes
- Token authentication added to all IPC pipes; SSRF protection implemented; input sanitization enforced across CDP interfaces.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Wmux
All releases →Related context
Beta — feedback welcome: [email protected]