Skip to content

orch8-io/engine

v0.2.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 1mo Containers & Orchestration
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Affected surfaces

auth

Summary

AI summary

Fixes multiple SQL injection vulnerabilities in Sentinel by removing unsafe format! usage

Full changelog

What's Changed

  • 🛡️ Sentinel: [HIGH] Fix SQL Injection vulnerability by removing format! from sqlx query by @ovasylenko in https://github.com/orch8-io/engine/pull/6
  • ⚡ Bolt: eliminate DashMap write-lock contention on circuit breaker hot paths by @ovasylenko in https://github.com/orch8-io/engine/pull/7
  • 🛡️ Sentinel: [MEDIUM] Refactor format! out of SQLx queries in SQLite storage by @ovasylenko in https://github.com/orch8-io/engine/pull/11
  • ⚡ Bolt: Avoid string allocations when grouping by concurrency keys by @ovasylenko in https://github.com/orch8-io/engine/pull/12
  • 🛡️ Sentinel: [MEDIUM] Fix dynamic SQL format! in SQLite bulk_reschedule by @ovasylenko in https://github.com/orch8-io/engine/pull/15
  • ⚡ Bolt: Optimize HashMap key allocations in storage concurrency checks by @ovasylenko in https://github.com/orch8-io/engine/pull/14

Full Changelog: https://github.com/orch8-io/engine/compare/v0.1.0...v0.2.0

Security Fixes

  • CVE‑XXXX‑0001 – Sentinel SQL injection vulnerability fixed by removing format! from sqlx queries (HIGH severity)
  • CVE‑XXXX‑0002 – Sentinel dynamic SQL format! issue fixed in SQLite bulk_reschedule (MEDIUM severity)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track orch8-io/engine

Get notified when new releases ship.

Sign up free

About orch8-io/engine

All releases →

Related context

Beta — feedback welcome: [email protected]