Skip to content

Sencho

v0.74.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo Containers & Orchestration
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Affected surfaces

auth rbac

Summary

AI summary

Pilot outbound reverse‑tunnel hardened against resource exhaustion.

Full changelog

0.74.0 (2026-05-08)

Added

  • app-store: show inline port-conflict message on deploy sheet (#984) (86abd90)

Fixed

  • pilot: harden outbound reverse-tunnel against resource exhaustion (#979) (3d94896)
  • pilot: stop silently swallowing fs errors in agent token helpers (#985) (8f13a7f)
  • proxy: route pilot-agent HTTP via PilotTunnelBridge loopback (#989) (94ce7c7)
  • templates: align App Store deploy gate with stack:create permission (#986) (3112f58)

Security Fixes

  • Pilot outbound reverse‑tunnel hardened against resource exhaustion (mitigates abuse vector)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Sencho

Get notified when new releases ship.

Sign up free

About Sencho

All releases →

Related context

Beta — feedback welcome: [email protected]