Bilig

vlibraries-v0.90.7 scope: libraries Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent-tools ai-agents excel excel-formulas formula-engine formula-recalculation

+14 more

headless-spreadsheet mcp mcp-server model-context-protocol nodejs spreadsheet spreadsheet-automation spreadsheet-engine spreadsheet-formulas typescript workbook-api xlsx xlsx-formulas xlsx-recalculation

ReleasePort's take

Light signal

editorial:auto 10d

The xlsx module now rejects risky defined‑name cache passthrough.

Why it matters: Mitigates potential injection risks via the xlsx defined‑name cache; relevant for any code using the xlsx library.

Summary

AI summary

Updates Libraries v0.90.7, xlsx, and a52af388 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Bugfix	Medium	Rejects risky defined-name cache passthrough in xlsx module. Rejects risky defined-name cache passthrough in xlsx module. Source: llm_adapter@2026-05-24 Confidence: high	—

Full changelog

Libraries v0.90.7

Release type: patch
Previous libraries tag: libraries-v0.90.6
Manual override: no

Fixes

fix(xlsx): reject risky defined-name cache passthrough (a52af388)

Security Fixes

fix(xlsx): reject risky defined-name cache passthrough (a52af388)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Bilig

Get notified when new releases ship.

About Bilig

All releases →