This release includes 6 security fixes for security teams reviewing exposed deployments.
Published 2mo
CLI & Terminal
✓ No known CVEs patched
This release patches 6 known CVEs
Topics
agentic-ai
ai-agent
ai-agents
ai-coding
browser-automation
claude
claude-code
coding-agent
developer-tools
electron
gemini
mcp-server
multi-agent
powershell
terminal-multiplexer
tmux
tmux-alternative
windows
Affected surfaces
auth
rce_ssrf
deps
Summary
AI summary: Updates Stability & Fixes, Security Hardening, and Real A2A Protocol across a mixed release.
Full changelog
What's New
Real A2A Protocol
- Replaced fake A2A messaging with a real task-based Agent-to-Agent protocol following Google A2A spec
- Task lifecycle management: submitted → working → completed/failed/canceled
- Structured message parts (text, data, file) with artifact support
Security Hardening (by @Zurgli)
- Browser RPC boundary: Removed raw `browser.cdp.send`, replaced with reviewed `browser.goBack`
- SSRF enforcement: DNS-resolved IP validation blocks private/link-local/metadata addresses
- Filesystem bridge: `realpath` canonicalization prevents symlink-based path traversal
- Browser profile isolation: Dynamic partition from `ProfileManager` instead of hardcoded string
- Export path restriction: Browser exports locked to `~/.wmux/exports`
- Token hardening: Centralized `secureWriteTokenFile` with Windows ACL — fails closed on error
Features
- Support Shift+Enter newline in Claude Code input
- Bundle Cascadia Code font for consistent terminal rendering
- New app icon (>w terminal face design)
- CONTRIBUTING.md added
Stability & Fixes
- Fix intermittent CJK text garbling on font load race
- Fix WebGL context exhaustion, font garbling, resize drag, and MCP browser reliability
- Keep MCP registration persistent across wmux restarts
- Fix transparent overlay to block webview pointer capture during resize
- Increase daemon pipe fallback attempts from 4 to 8
- Connect daemon before creating window to prevent session loss
- Re-reconcile PTYs when daemon connects after renderer load
- Reclaim zombie Windows named pipes instead of falling back
- Auto-open browser surface when no CDP page exists
- Wrap paste in bracketed paste sequences and expose readImage API
- Simplify Inspector output to minimal AI-actionable info
- Remove file-based session persistence, rely on daemon memory
Contributors
- @Zurgli — First external contributor! Submitted comprehensive security hardening across 6 areas with test coverage. Thank you! 🎉
Full Changelog: https://github.com/openwong2kim/wmux/compare/v2.2.2...v2.4.0
What's Changed
- Security hardening for browser boundary, SSRF, FS bridge, profile isolation, exports, and tokens by @Zurgli in https://github.com/openwong2kim/wmux/pull/1
- Security hardening for browser boundary, SSRF, FS bridge, profile isolation, exports, and tokens by @Zurgli in https://github.com/openwong2kim/wmux/pull/2
New Contributors
- @Zurgli made their first contribution in https://github.com/openwong2kim/wmux/pull/1
Full Changelog: https://github.com/openwong2kim/wmux/compare/v2.3.1...v2.4.0
Breaking Changes
- Removed `browser.cdp.send` raw RPC call; replaced with reviewed `browser.goBack` method.
Security Fixes
- Browser RPC boundary hardening: removed `browser.cdp.send`, replaced with reviewed `browser.goBack`.
- SSRF enforcement added to block private/link-local/metadata IP addresses during DNS resolution.
- Filesystem bridge now uses `realpath` canonicalization to prevent symlink-based path traversal.
- Browser profile isolation switched from hardcoded string to dynamic partition via `ProfileManager`.
- Export paths restricted to `~/.wmux/exports` directory.
- Token handling centralized in `secureWriteTokenFile` with Windows ACL enforcement, failing closed on error.