Skip to content

Commit 301d0fd

Browse files
chore(release): v9.1.1 - security patch (container CVE + HTTP response-path hardening) (#423)
A security-only patch with no feature or behavior changes. It remediates the high and critical findings from a full security sweep of the platform, SDKs, and dependencies. Self-hosting users should update to pick up the OpenSSL base-image fix and the response-path hardening. Highlights: - Base image: OpenSSL/libssl3 bumped past CVE-2026-45447. The agent and orchestrator runtime images now ship OpenSSL >= 3.5.7-r0 (was 3.5.6-r0). - Reflected-XSS hardening on the HTTP response paths: the recovery confirmation page now renders through contextual auto-escaping (html/template) instead of hand-rolled escaping, and the transparent response-writer wrappers set X-Content-Type-Options: nosniff so a reflected value cannot be MIME-sniffed as HTML. - Session identifiers are masked in logs: the MCP server handler now records only a short prefix, never the full value. Migration: additive, no action required. Full notes: https://docs.getaxonflow.com/docs/releases/v9-1-1 Signed-off-by: AxonFlow Team <bot@getaxonflow.com> Co-authored-by: AxonFlow Team <bot@getaxonflow.com>
1 parent 7f2c283 commit 301d0fd

72 files changed

Lines changed: 341 additions & 98 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/gitleaks.yml

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
name: Gitleaks
2+
3+
# Secret-scanning guard. Runs the same gitleaks rules as the pre-commit hook
4+
# (.pre-commit-config.yaml / .gitleaks.toml) in CI so a hardcoded key cannot
5+
# land even if a contributor has not installed the hook. Complements GitHub's
6+
# native push-protection / secret-scanning.
7+
8+
on:
9+
pull_request:
10+
types: [opened, synchronize, reopened]
11+
push:
12+
branches: [main]
13+
14+
# Least privilege: gitleaks only needs to read the checked-out tree.
15+
permissions:
16+
contents: read
17+
18+
jobs:
19+
gitleaks:
20+
name: Scan for hardcoded secrets
21+
runs-on: ubuntu-latest
22+
steps:
23+
- name: Checkout
24+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
25+
with:
26+
# Full history so the commit range below can be diffed.
27+
fetch-depth: 0
28+
29+
- name: Run gitleaks (scan PR/push delta only)
30+
env:
31+
# Keep in lockstep with the rev in .pre-commit-config.yaml.
32+
GITLEAKS_VERSION: 8.21.2
33+
BASE_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
34+
HEAD_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
35+
run: |
36+
set -euo pipefail
37+
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" -o /tmp/gitleaks.tar.gz
38+
tar -xzf /tmp/gitleaks.tar.gz -C /tmp gitleaks
39+
chmod +x /tmp/gitleaks
40+
# Scan ONLY the commits introduced by this PR/push. A full-tree scan
41+
# would re-report the ~600 placeholder keys in *.env.example / test
42+
# fixtures plus the already-revoked pre-rotation keys in git history,
43+
# failing every run. This guard's job is to stop NEW secrets from
44+
# entering the tree. --redact keeps any match value out of the log.
45+
ZERO="0000000000000000000000000000000000000000"
46+
if [ -z "${BASE_SHA}" ] || [ "${BASE_SHA}" = "${ZERO}" ]; then
47+
# First push to a new branch / no resolvable base: scan the tip commit.
48+
LOG_OPTS="-1 ${HEAD_SHA}"
49+
else
50+
LOG_OPTS="${BASE_SHA}..${HEAD_SHA}"
51+
fi
52+
echo "Scanning commit range: ${LOG_OPTS}"
53+
/tmp/gitleaks detect \
54+
--source . \
55+
--log-opts="${LOG_OPTS}" \
56+
--config .gitleaks.toml \
57+
--redact \
58+
--verbose \
59+
--no-banner

CHANGELOG.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,24 @@ community mirror, **Enterprise** changes are EE-only.
1010

1111
---
1212

13+
## [9.1.1] - 2026-06-16 (security patch: container CVE, CodeQL hardening, IaC encryption)
14+
15+
**Security-only patch.** No feature or behavior changes. Remediates the high and critical findings from the 2026-06-16 security sweep (epic #2711).
16+
17+
### Security
18+
19+
**Community.**
20+
21+
- **Base image: OpenSSL/libssl3 bumped past CVE-2026-45447.** The agent and orchestrator runtime images now run `apk upgrade libssl3 libcrypto3` so the layer ships OpenSSL >= 3.5.7-r0 (was 3.5.6-r0). A local Trivy rescan confirms the container CVE is gone.
22+
- **Reflected-XSS hardening on the HTTP response paths.** The community-SaaS recovery confirmation page now renders through `html/template` (contextual auto-escaping) instead of `fmt.Sprintf` with a hand-rolled escaper; the transparent response-writer wrappers (idempotency replay, transparency headers, telemetry status capture, customer-portal request logging) now set `X-Content-Type-Options: nosniff` so a reflected value cannot be MIME-sniffed as HTML.
23+
- **Session identifiers are masked in logs.** The MCP server handler now logs only a short prefix of session IDs (bearer-style handles), never the full value.
24+
- **Path-injection guard on the cross-system HITL webhook test harness.** Dump filenames are restricted to a flat token, so a crafted `approval_id` cannot traverse outside the dump directory.
25+
26+
**Enterprise / infrastructure.**
27+
28+
- **Alert SNS topics are now encrypted with a customer-managed KMS key.** The alarm, first-payment, and synthetic-monitoring alert topics use a CMK whose key policy grants exactly the CloudWatch alarm service / canary Lambda the publish permissions they require.
29+
- **New gitleaks CI workflow.** Runs the existing `.gitleaks.toml` rules on every PR/push commit delta, complementing the pre-commit hook and GitHub push-protection. The esbuild dev-dependency in the MCP-policies example was bumped to 0.28.1.
30+
1331
## [9.1.0] - 2026-06-12 — Audit coverage made permanent, policy-inventory truth, a portal policy-display fix, and the sensitive-data lever now enforced
1432

1533
**Community.** v9.0.0 converged every enforcement plane onto one canonical audit vocabulary and closed the then-known early-return-deny holes by hand. v9.1.0 makes that coverage **durable** instead of a recurring pre-release sweep: a deterministic CI gate now fails the build whenever a Policy Enforcement Point's deny path doesn't write a canonical `audit_logs` row, the last remaining agent-plane gaps are closed (so the gate reports zero deferred exceptions), the built-in policy inventory is pinned to a single source of truth, a customer-portal bug that silently hid most seeded system policies is fixed, and the `sensitive-data` governance lever — long documented but inert — now actually enforces. **One behavior change to note:** the `strict` and `compliance` profiles now BLOCK credential/secret detections that previously only logged (see Fixed); set `SENSITIVE_DATA_ACTION=log` to retain the prior behavior. The audit and inventory changes are otherwise additive; a single data migration realigns a legacy sensitive-pattern phase column to the active action with no behavior change.

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
9.1.0
1+
9.1.1

docker-compose.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,7 @@ services:
8787
DEPLOYMENT_MODE: ${DEPLOYMENT_MODE:-community}
8888
AXONFLOW_INTEGRATIONS: ${AXONFLOW_INTEGRATIONS:-}
8989
AXONFLOW_LICENSE_KEY: ${AXONFLOW_LICENSE_KEY:-}
90-
AXONFLOW_VERSION: "${AXONFLOW_VERSION:-9.1.0}"
90+
AXONFLOW_VERSION: "${AXONFLOW_VERSION:-9.1.1}"
9191

9292
# Anonymous platform startup telemetry — inherit the operator's
9393
# opt-out lever. CI / dev shells should export AXONFLOW_TELEMETRY=off
@@ -265,7 +265,7 @@ services:
265265
PORT: 8081
266266
DEPLOYMENT_MODE: ${DEPLOYMENT_MODE:-community}
267267
AXONFLOW_LICENSE_KEY: ${AXONFLOW_LICENSE_KEY:-}
268-
AXONFLOW_VERSION: "${AXONFLOW_VERSION:-9.1.0}"
268+
AXONFLOW_VERSION: "${AXONFLOW_VERSION:-9.1.1}"
269269

270270
# Anonymous platform startup telemetry — inherit the operator's
271271
# opt-out lever. See agent service above for the full rationale.

examples/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ All examples use the latest SDK versions:
141141
| Python | `axonflow` | >=8.5.0 |
142142
| TypeScript | `@axonflow/sdk` | >=8.5.0 |
143143
| Go | `github.com/getaxonflow/axonflow-sdk-go/v8` | v8.5.0 |
144-
| Java | `com.getaxonflow:axonflow-sdk` | 8.5.0 |
144+
| Java | `com.getaxonflow:axonflow-sdk` | 8.5.1 |
145145
| Rust _(preview)_ | `axonflow-sdk-rust` | 0.7.0 |
146146

147147
## Environment Configuration

examples/audit-logging/java/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>com.getaxonflow</groupId>
3434
<artifactId>axonflow-sdk</artifactId>
35-
<version>8.5.0</version>
35+
<version>8.5.1</version>
3636
</dependency>
3737
<!-- Override transitive jackson-core for CVE fix -->
3838
<dependency>

examples/code-governance/java/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>com.getaxonflow</groupId>
3434
<artifactId>axonflow-sdk</artifactId>
35-
<version>8.5.0</version>
35+
<version>8.5.1</version>
3636
</dependency>
3737
<!-- Override transitive jackson-core for CVE fix -->
3838
<dependency>

examples/cost-controls/enforcement/java/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>com.getaxonflow</groupId>
3434
<artifactId>axonflow-sdk</artifactId>
35-
<version>8.5.0</version>
35+
<version>8.5.1</version>
3636
</dependency>
3737
<!-- Override transitive jackson-core for CVE fix -->
3838
<dependency>

examples/cost-controls/java/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>com.getaxonflow</groupId>
3434
<artifactId>axonflow-sdk</artifactId>
35-
<version>8.5.0</version>
35+
<version>8.5.1</version>
3636
</dependency>
3737
<!-- Override transitive jackson-core for CVE fix -->
3838
<dependency>

examples/cost-estimation/java/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>com.getaxonflow</groupId>
3434
<artifactId>axonflow-sdk</artifactId>
35-
<version>8.5.0</version>
35+
<version>8.5.1</version>
3636
</dependency>
3737
<!-- Override transitive jackson for GHSA-72hv-8253-57qq -->
3838
<dependency>

0 commit comments

Comments
 (0)