v9.1.1 - security patch
[9.1.1] - 2026-06-16 (security patch: container CVE, CodeQL hardening, IaC encryption)
Security-only patch. No feature or behavior changes. Remediates the high and critical findings from the 2026-06-16 security sweep (epic #2711).
Security
Community.
- Base image: OpenSSL/libssl3 bumped past CVE-2026-45447. The agent and orchestrator runtime images now run
apk upgrade libssl3 libcrypto3so the layer ships OpenSSL >= 3.5.7-r0 (was 3.5.6-r0). A local Trivy rescan confirms the container CVE is gone. - Reflected-XSS hardening on the HTTP response paths. The community-SaaS recovery confirmation page now renders through
html/template(contextual auto-escaping) instead offmt.Sprintfwith a hand-rolled escaper; the transparent response-writer wrappers (idempotency replay, transparency headers, telemetry status capture, customer-portal request logging) now setX-Content-Type-Options: nosniffso a reflected value cannot be MIME-sniffed as HTML. - Session identifiers are masked in logs. The MCP server handler now logs only a short prefix of session IDs (bearer-style handles), never the full value.
- Path-injection guard on the cross-system HITL webhook test harness. Dump filenames are restricted to a flat token, so a crafted
approval_idcannot traverse outside the dump directory.
Enterprise / infrastructure.
- Alert SNS topics are now encrypted with a customer-managed KMS key. The alarm, first-payment, and synthetic-monitoring alert topics use a CMK whose key policy grants exactly the CloudWatch alarm service / canary Lambda the publish permissions they require.
- New gitleaks CI workflow. Runs the existing
.gitleaks.tomlrules on every PR/push commit delta, complementing the pre-commit hook and GitHub push-protection. The esbuild dev-dependency in the MCP-policies example was bumped to 0.28.1.
Full changelog: https://github.com/getaxonflow/axonflow/blob/main/CHANGELOG.md