Skip to content

yakuphanycl/instinct

v1.4.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1d MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-memory anthropic claude-code llm-tools mcp mcp-server
+2 more
memory-management self-learning

ReleasePort's take

Light signal
editorial:auto 1d

The _sanitize_inline function now neutralizes U+2028 and U+2029 Unicode line/paragraph separators.

Why it matters: Security severity is rated 90; this change mitigates injection risks involving those control characters in affected surfaces.

Summary

AI summary

_sanitize_inline now neutralizes U+2028 and U+2029 Unicode line/paragraph separators.

Changes in this release

Security Critical

_sanitize_inline now neutralizes U+2028/U+2029 Unicode line/paragraph separators

_sanitize_inline now neutralizes U+2028/U+2029 Unicode line/paragraph separators

Source: llm_adapter@2026-06-02

Confidence: high
Full changelog

Security: _sanitize_inline now neutralizes U+2028/U+2029 Unicode line/paragraph separators (R89-170b fast-follow to 1.4.3). Detection/threshold unchanged.

Security Fixes

  • _sanitize_inline neutralizes U+2028 and U+2029 Unicode line/paragraph separators (fast-follow to R89-170b).
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track yakuphanycl/instinct

Get notified when new releases ship.

Sign up free

About yakuphanycl/instinct

Self-learning memory for AI coding agents. Observes tool sequences, user preferences, and recurring fixes; confidence-based promotion (hits ≥5 → mature, ≥10 → rule)

All releases →

Related context

Beta — feedback welcome: [email protected]