fix(config): sanitize validation log output to prevent control character injection (#39116)
Co-authored-by: Bill <gsamzn@gmail.com>
This commit is contained in:
Peter Steinberger
@@ -262,6 +262,7 @@ Docs: https://docs.openclaw.ai
|
||||
- Models/provider apiKey persistence hardening: when a provider `apiKey` value equals a known provider env var value, persist the canonical env var name into `models.json` instead of resolved plaintext secrets. (#38889) Thanks @gambletan.
|
||||
- Discord/model picker persistence check: add a short post-dispatch settle delay before reading back session model state so picker confirmations stop reporting false mismatch warnings after successful model switches. (#39105) Thanks @akropp.
|
||||
- Agents/OpenAI WS compat store flag: omit `store` from `response.create` payloads when model compat sets `supportsStore: false`, preventing strict OpenAI-compatible providers from rejecting websocket requests with unknown-field errors. (#39113) Thanks @scoootscooob.
|
||||
- Config/validation log sanitization: sanitize config-validation issue paths/messages before logging so control characters and ANSI escape sequences cannot inject misleading terminal output from crafted config content. (#39116) Thanks @powermaster888.
|
||||
|
||||
## 2026.3.2
|
||||
|
||||
|
||||
Reference in New Issue
Block a user