This release includes 3 security fixes for security teams reviewing exposed deployments.
ReleasePort's take
v0.6.2 introduces configurable Claude reasoning effort levels in Settings alongside UI reorganization, new SEC filing and SVG rendering plugins, and workspace-scoped agent permissions. Security improvements include webhook rate limiting and XSS mitigations for webhook challenges and wiki link rendering.
Why it matters: Test configurable effort levels in dev to match query complexity. Apply workspace permissions immediately to simplify first-run agent tool access. Deploy rate limiting and XSS mitigations for webhook security.
Summary
AI summary: Configurable Claude effort levels, reorganized Settings UI, and file drop improvements across Highlights, Bridges, and Wiki.
Changes in this release
| Type | Severity | Summary | Source | Confidence | CVE |
|---|---|---|---|---|---|
| Security | Medium | Rate limiting applied to all webhook bridges with proxy trust. | llm_adapter@2026-05-21 | high | — |
| Security | Medium | Wiki link rendering escapes HTML to prevent XSS attacks. | llm_adapter@2026-05-21 | high | — |
| Security | Medium | Rate limit `keyGenerator` routes through `ipKeyGenerator` for IPv6 safety. | llm_adapter@2026-05-21 | high | — |
| Security | Medium | Webhook `hub.challenge` endpoint mitigates reflected XSS via whitelisting. | llm_adapter@2026-05-21 | low | — |
| Security | Medium | `hub.challenge` endpoint whitelists response shape to mitigate reflected XSS (CodeQL `js/reflected-xss`). | granite4.1:30b@2026-05-23-audit | low | — |
| Feature | Medium | New Model tab exposes configurable reasoning effort levels in Settings. | llm_adapter@2026-05-21 | high | — |
| Feature | Medium | Settings menu reorganized from tabs to grouped left sidebar layout. | llm_adapter@2026-05-21 | high | — |
| Feature | Medium | Chat panel drag-and-drop improved with visual affordance and default guard. | llm_adapter@2026-05-21 | high | — |
| Feature | Medium | New edgar plugin provides SEC filings access for agent tools. | llm_adapter@2026-05-21 | high | — |
| Feature | Medium | New presentSVG plugin renders generated SVGs as inline canvas surfaces. | llm_adapter@2026-05-21 | high | — |
| Feature | Medium | Fixed roles replaced with user-editable preset skills for greater flexibility. | llm_adapter@2026-05-21 | low | — |
| Feature | Medium | Fixed roles replaced with user-editable preset skills (e.g., cookingCoach → mc-cooking-coach). | granite4.1:30b@2026-05-23-audit | low | — |
| Bugfix | Medium | Workspace-scoped agent permissions eliminate first-run tool call blocking. | llm_adapter@2026-05-21 | high | — |
Full changelog
Highlights
Configurable reasoning effort (#1320 / #1323)
New Model tab in Settings exposes claude --effort (low / medium / high / xhigh / max). Persisted under <workspace>/config/settings.json; unset → Claude's default. Settings reload per-run, so the change applies on the next message without restart.
Settings menu reorganised (#1333)
The horizontal tab strip is now a grouped left sidebar (LLM / Servers / Workspace / Plugins). Modal widens from 36rem → 52rem (capped at 95vw on small viewports). All existing data-testid selectors preserved.
File drop on the chat panel (#1289)
Drag-and-drop now lights up the entire chat panel (was: just the input), with a visual affordance. The window default guard prevents accidental browser navigation when the drop lands outside.
EDGAR built-in plugin + Investor role
New server-only edgar plugin gives the agent direct access to SEC filings. Bundled into a new Investor role with Yahoo Finance instructions.
presentSVG plugin
New built-in plugin renders generated SVGs as inline canvas surfaces.
Preset skills replace fixed roles
cookingCoach role → mc-cooking-coach preset skill (#1286). settings role → mc-settings preset skill (#1283), then split into 3 focused subskills. Preset skills are user-editable; fixed roles aren't.
Workspace-scoped agent permissions
Permission allow-rules are now provisioned at server startup, so first-run permission prompts no longer block routine tool calls.
Security
- All 6 webhook bridges: `express-rate-limit` + env-driven `trust proxy`.
- Bridges: `hub.challenge` echoed as `text/plain` with whitelisted shape (CodeQL `js/reflected-xss`).
- Wiki: HTML-escape target + display in `renderWikiLinks` (XSS).
- Rate-limit `keyGenerator` routed through `ipKeyGenerator` for IPv6 safety.
Full Changelog
See CHANGELOG.md for the complete list including 30+ refactors and bug fixes.
Security Fixes
- HTML-escape target in Wiki `renderWikiLinks` to prevent XSS
- Echo `hub.challenge` as `text/plain` with whitelisted shape for Bridges
- Rate-limit webhooks via `express-rate-limit` and route `keyGenerator` through `ipKeyGenerator` for IPv6 safety
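The two response-shaping fixes listed above (whitelisted `text/plain` echo of `hub.challenge`, and HTML-escaping of both target and display text in wiki links), as an added example in dependency-free Node.js; this is not MulmoClaude's own code, and the function names, the challenge regex and the `[[Target|Display]]` syntax are assumptions. The `express-rate-limit` / `ipKeyGenerator` change is not shown because it needs the library at runtime.

```javascript
// Added example, not the project's code. Names and the whitelist are assumptions.

// Shape whitelist for the hub.challenge echo: opaque token characters only,
// bounded length. Anything else is rejected rather than reflected back.
const HUB_CHALLENGE_RE = /^[A-Za-z0-9_-]{1,256}$/;
const TEXT_PLAIN = 'text/plain; charset=utf-8';

// Response for a webhook verification GET carrying hub.mode, hub.verify_token
// and hub.challenge. The challenge is echoed only after it passes the
// whitelist, and never with an HTML content type.
function hubChallengeResponse(query, expectedToken) {
  const mode = query['hub.mode'];
  const token = query['hub.verify_token'];
  const challenge = query['hub.challenge'];
  if (mode !== 'subscribe' || token !== expectedToken) {
    return { status: 403, contentType: TEXT_PLAIN, body: 'forbidden' };
  }
  if (typeof challenge !== 'string' || !HUB_CHALLENGE_RE.test(challenge)) {
    return { status: 400, contentType: TEXT_PLAIN, body: 'bad challenge' };
  }
  return { status: 200, contentType: TEXT_PLAIN, body: challenge };
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Minimal [[Target]] / [[Target|Display]] renderer. The target is
// URL-encoded for the href and the href is escaped again for the attribute;
// the display text is escaped for the element body. A page title containing
// markup therefore renders as literal text instead of executing.
function renderWikiLinks(markdown) {
  return markdown.replace(/\[\[([^\]|]+)(?:\|([^\]]+))?\]\]/g, (_m, target, display) => {
    const href = '/wiki/' + encodeURIComponent(target.trim());
    const text = escapeHtml((display ?? target).trim());
    return `<a href="${escapeHtml(href)}">${text}</a>`;
  });
}
```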
Earlier breaking changes
- v0.6.4 `General` role split into lean `General` and new `Personal` role; Encore seed role pinned to Personal.