Skip to content

MulmoClaude

v0.1.2 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 1mo LLM Frameworks
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Affected surfaces

auth deps

Summary

AI summary

Updates npm packages published, Security hardening, and Quick start ```bash across a mixed release.

Full changelog

Note: This is a package-only release for @mulmobridge/* npm packages. The MulmoClaude app version remains at v0.1.1 until the next app release.

Highlights

MulmoBridge now supports 12 messaging platforms — connect any of them to your AI agent running on your home PC.

New bridges (batch 2)

| Bridge | Package | Protocol |
|--------|---------|----------|
| Mattermost | @mulmobridge/mattermost | WebSocket + REST |
| Zulip | @mulmobridge/zulip | Long-polling events API |
| Facebook Messenger | @mulmobridge/messenger | Webhook + HMAC |
| Google Chat | @mulmobridge/google-chat | Webhook + JWT/OIDC |

Previously added bridges (batch 1)

Slack, Discord, LINE, WhatsApp, Matrix, IRC — all at v0.1.0.

Security hardening

  • Google Chat: JWT/OIDC token verification against Google's JWKS endpoint
  • Webhook bridges (Messenger, Google Chat): 1MB body size limit, per-IP rate limiting (120 req/min)
  • PII redaction in all bridge logs

Quick start

# Any bridge, one command:
npx @mulmobridge/mattermost@latest
npx @mulmobridge/zulip@latest
npx @mulmobridge/messenger@latest
npx @mulmobridge/google-chat@latest

See each package's README for required environment variables.

npm packages published

Security Fixes

  • Google Chat JWT/OIDC token verification against Google's JWKS endpoint
  • Webhook bridges enforce 1 MB body size limit and per‑IP rate limiting (120 req/min)
  • PII redaction added to all bridge logs
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track MulmoClaude

Get notified when new releases ship.

Sign up free

About MulmoClaude

All releases →

Related context

Earlier breaking changes

  • v0.6.4 `General` role split into lean `General` and new `Personal` role; Encore seed role pinned to Personal.

Beta — feedback welcome: [email protected]