Skip to content

ota-run/ota](https:

v0.4.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo Developer Productivity
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

cli configuration contracts developer-tools infrastructure ota
+5 more
productivity repo-readiness rust validation workspace

Summary

AI summary

Improved OTA tooling with detailed AGENTS.md generation, enhanced diagnostics, and stricter path‑boundary checks.

Full changelog
  • ota agents now generates AGENTS.md with explicit ota run ... command forms and preserves user-authored content.
  • ota doctor, ota diff, ota explain, and workspace equivalents now carry richer provenance and readiness details.
  • Explicit path-boundary handling was tightened and workspace policy env receipts were hardened.

Security Fixes

  • Path‑boundary handling tightened and workspace policy env receipts hardened to prevent misuse.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ota-run/ota](https:

Get notified when new releases ship.

Sign up free

About ota-run/ota](https:

All releases →

Related context

Earlier breaking changes

  • v1.6.16 Enforce `metadata.ota.minimum_version` at contract load time across all commands.

Beta — feedback welcome: [email protected]