Bilig

vlibraries-v0.90.6 scope: libraries Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent-tools ai-agents excel excel-formulas formula-engine formula-recalculation

+14 more

headless-spreadsheet mcp mcp-server model-context-protocol nodejs spreadsheet spreadsheet-automation spreadsheet-engine spreadsheet-formulas typescript workbook-api xlsx xlsx-formulas xlsx-recalculation

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

editorial:auto 10d

The xlsx module now rejects risky cached formula passthroughs.

Why it matters: Mitigates potential security risks from unsafe cached formulas in xlsx files; relevant for any application processing such data.

Summary

AI summary

Updates Libraries v0.90.6, xlsx, and c7ed48fb across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Bugfix	Medium	Rejects risky cached formula passthrough in xlsx module. Rejects risky cached formula passthrough in xlsx module. Source: llm_adapter@2026-05-24 Confidence: high	—

Full changelog

Libraries v0.90.6

Release type: patch
Previous libraries tag: libraries-v0.90.5
Manual override: no

Fixes

fix(xlsx): reject risky cached formula passthrough (c7ed48fb)

Security Fixes

Rejected risky cached formula passthrough in xlsx (commit c7ed48fb)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Bilig

Get notified when new releases ship.

About Bilig

All releases →