AI-Infra-Guard by Tencent Zhuque Lab

v4.1.10 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 7d Offensive & Pentesting

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent agent-security ai-infra ai-red-teaming ai-security llm

+13 more

llm-evaluation llm-jailbreak llm-security mcp-scan openclaw-security prompt-injection prompt-security scanner security security-tools skill-scanner skills-security vulnerability

ReleasePort's take

Moderate signal

editorial:auto 6d

The release adds CVE detection rules for junoclaw, lollms, and sglang while fixing several component bugs.

Why it matters: New CVE fingerprints improve threat visibility; bug fixes prevent uv run failures in Docker, eliminate Chromium zombie processes, and correct sglang YAML structure.

Summary

AI summary

Updates v4.1.10] - 2026-05-28, 6054e45, and 2c845e8 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Adds CVE rules and fingerprints for junoclaw, lollms, sglang Adds CVE rules and fingerprints for junoclaw, lollms, sglang Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Adds support for WebSocket agent providers in Scan Adds support for WebSocket agent providers in Scan Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix
Bugfix	Medium	Fixes uv run failures in Docker and improves dify version detection in Scan Fixes uv run failures in Docker and improves dify version detection in Scan Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	Prevents zombie processes by adding defer Close() to Chromium Prevents zombie processes by adding defer Close() to Chromium Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Low	Corrects sglang fingerprint YAML structure to place version as top-level key Corrects sglang fingerprint YAML structure to place version as top-level key Source: llm_adapter@2026-05-28 Confidence: high	—

Full changelog

[v4.1.10] - 2026-05-28

Added

Data: Add CVE rules and fingerprints for new targets (junoclaw, lollms, sglang) (6054e45)
Scan: Support WebSocket agent providers (2c845e8)

Fixed

Scan: Resolve uv run failures in Docker and improve dify version detection (23f098a)
Chromium: Add defer Close() to prevent zombie processes (b617bf7)
Data: Correct sglang fingerprint YAML structure (version as top-level key) (653cc9a)

Changed

Docs: Add v4.1.9 to What's New across all 9 README languages (187442d)

Contributors

Special thanks to @feiyang666, @boyhack, @zhuque, @jucie-pie, @rocie799, @AIG-Bot, @aig-doc-bot

Security Fixes

CVE rule additions for new targets (junoclaw, lollms, sglang)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AI-Infra-Guard by Tencent Zhuque Lab

Get notified when new releases ship.

About AI-Infra-Guard by Tencent Zhuque Lab

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

All releases →