
v0.43.7

Latest


@github-actions github-actions released this 12 Feb 06:20
· 37 commits to main since this release
9513a84

🌟 Release Highlights

This release strengthens security, enhances configuration flexibility, and improves workflow validation with compile-time checks and better debugging visibility.

🔒 Security Enhancements

@mention Sanitization Fix - Closed a bypass where an underscore directly before the @ (test_@user) let a mention evade sanitization. The character class guarding the @ is now [^A-Za-z0-9] instead of [^\w]; because \w includes the underscore, the old pattern treated test_@user as the tail of a word and left it unescaped, whereas the new one escapes every mention variant. #15076

Title Field Sanitization - Title fields now receive the same full content sanitization as text bodies: @mention escaping, dangerous URL protocol blocking ((redacted), (redacted)), and 128-character length enforcement. This aligns title security with text content standards. #15077
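As an added illustration of the two items above (this is not gh-aw's own code; the project's actual regexes, the protocol list, which the notes redact, the replacement token and the helper names are all assumptions), the following JavaScript contrasts a \w-based mention guard with an [A-Za-z0-9]-based one on constructed inputs, then applies the three title rules in one pipeline:

```javascript
// Added example, not gh-aw's own code. Both regexes, the protocol list, the
// replacement token and the helper names are assumptions for illustration.

// Old-style guard: the "@" may only be preceded by a non-\w character. In JS,
// \w is [A-Za-z0-9_], so an underscore before "@" hides the mention.
const OLD_MENTION_RE = /(^|[^\w])@([A-Za-z0-9][A-Za-z0-9-]*(?:\/[A-Za-z0-9._-]+)?)/g;

// New-style guard: only alphanumerics shield the "@", so "test_@user" is caught
// while an e-mail address such as foo@bar.com is still left alone.
const NEW_MENTION_RE = /(^|[^A-Za-z0-9])@([A-Za-z0-9][A-Za-z0-9-]*(?:\/[A-Za-z0-9._-]+)?)/g;

// Wrap every matched mention in backticks so it renders as literal text
// instead of notifying the user or team.
function escapeMentions(text, re = NEW_MENTION_RE) {
  return text.replace(re, (_m, prefix, name) => prefix + '`@' + name + '`');
}

// The release notes redact the real protocol list; this set is an assumption.
// No word-boundary anchor: over-blocking is the safe failure for a title.
const DANGEROUS_PROTO_RE = /(?:javascript|data|vbscript):/gi;
const MAX_TITLE_LENGTH = 128;

// Cut to `max` characters without leaving half of an escaped mention behind:
// an odd number of backticks means the cut landed inside one, so drop it.
function enforceLength(text, max = MAX_TITLE_LENGTH) {
  if (text.length <= max) return text;
  let cut = text.slice(0, max);
  if ((cut.match(/`/g) || []).length % 2 === 1) {
    cut = cut.slice(0, cut.lastIndexOf('`'));
  }
  return cut;
}

// Title pipeline in the order assumed here: neutralise protocols, escape
// mentions, then enforce the hard length cap on the final string.
function sanitizeTitle(title) {
  let out = title.replace(DANGEROUS_PROTO_RE, '(blocked-protocol)');
  out = escapeMentions(out, NEW_MENTION_RE);
  return enforceLength(out, MAX_TITLE_LENGTH);
}

// Constructed sample inputs: old guard vs. new guard side by side.
const SAMPLES = ['test_@user', 'hi @alice, ping @bob/team', 'mail foo@bar.com'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), 'old:', JSON.stringify(escapeMentions(s, OLD_MENTION_RE)),
              'new:', JSON.stringify(escapeMentions(s, NEW_MENTION_RE)));
}
console.log(sanitizeTitle('Click javascript:alert(1) now @root'));
```

The length check runs last on purpose: escaping adds two characters per mention, so capping before escaping would let a title creep past 128, and a naive cut after escaping can leave an unmatched backtick that changes how the rest of the line renders.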

✨ New Features

Footer Control - Added footer: false boolean field to safe-output configurations (both individual and global levels). When disabled, AI-generated footers are omitted while XML markers remain for searchability. Perfect for cleaner automation outputs. #15079

Cross-Repo Base Branch - New base-branch field for create-pull-request enables targeting non-default branches in external repositories. Essential for workflows creating PRs to vnext, develop, or other branches in cross-repo scenarios. #15089

Concurrency Expression Validation - Compile-time syntax validation now catches errors in custom concurrency group expressions (unbalanced braces, unclosed quotes, malformed operators) before runtime, saving debugging time. #15082
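Added example, not the project's validator: a small JavaScript lint over a concurrency group string that reports the error classes listed above (unbalanced braces, unclosed quotes, malformed operators) with column offsets, before the workflow ever runs. Function names, the operator table, the error wording and the sample group strings are assumptions constructed for this example.

```javascript
// Added example, not gh-aw's validator. Function names, the operator table and
// the error wording are assumptions; the sample group strings are constructed.

// Comparison and logical operators GitHub Actions expressions accept, two-char
// forms first so "!=" and "<=" are matched before "!" and "<".
const OPERATORS = ['==', '!=', '<=', '>=', '&&', '||', '<', '>', '!'];
const OP_CHARS = '&|=!<>';

// Index of the quote closing the single-quoted string that opens at `i`
// ('' inside the string is an escaped quote), or -1 if it never closes.
function closeQuote(s, i) {
  let j = i + 1;
  while (j < s.length) {
    if (s[j] === "'") {
      if (s[j + 1] === "'") { j += 2; continue; }
      return j;
    }
    j++;
  }
  return -1;
}

// Index of the "}}" closing an expression whose body starts at `start`, skipping
// quoted strings so a "}}" inside a literal cannot end the expression early.
function findExpressionEnd(s, start) {
  let i = start;
  while (i < s.length) {
    if (s[i] === "'") {
      const q = closeQuote(s, i);
      if (q === -1) return -1;
      i = q + 1;
    } else if (s.startsWith('}}', i)) {
      return i;
    } else {
      i++;
    }
  }
  return -1;
}

// Lint the body of one ${{ ... }} expression; `offset` is its position in the
// whole group string so every message points at a real column.
function checkExpression(expr, offset) {
  const errors = [];
  let depth = 0;
  let i = 0;
  while (i < expr.length) {
    const c = expr[i];
    if (c === "'") {
      const q = closeQuote(expr, i);
      if (q === -1) { errors.push("unclosed quote at offset " + (offset + i)); break; }
      i = q + 1;
    } else if (expr.startsWith('${{', i)) {
      errors.push("nested '${{' at offset " + (offset + i));
      i += 3;
    } else if (c === '{' || c === '}') {
      errors.push("stray '" + c + "' inside expression at offset " + (offset + i));
      i++;
    } else if (c === '(') {
      depth++; i++;
    } else if (c === ')') {
      if (depth === 0) errors.push("unbalanced ')' at offset " + (offset + i)); else depth--;
      i++;
    } else if (OP_CHARS.includes(c)) {
      const op = OPERATORS.find(o => expr.startsWith(o, i));
      if (op) { i += op.length; continue; }
      let j = i;
      while (j < expr.length && OP_CHARS.includes(expr[j])) j++; // one error per bad run
      errors.push("malformed operator '" + expr.slice(i, j) + "' at offset " + (offset + i));
      i = j;
    } else {
      i++;
    }
  }
  if (depth > 0) errors.push("unbalanced '(' in expression at offset " + offset);
  return errors;
}

// Validate a whole concurrency group string; returns [] when it is clean.
function validateConcurrencyGroup(group) {
  const errors = [];
  let pos = 0;
  while (pos < group.length) {
    const open = group.indexOf('${{', pos);
    const stray = group.indexOf('}}', pos);
    if (open === -1 || (stray !== -1 && stray < open)) {
      if (stray !== -1) errors.push("'}}' without matching '${{' at offset " + stray);
      if (open === -1) break;
      pos = stray + 2;
      continue;
    }
    const close = findExpressionEnd(group, open + 3);
    if (close === -1) {
      // No "}}" outside a string: report it, then lint the tail so an unclosed
      // quote that swallowed the closer is named explicitly too.
      errors.push("unclosed '${{' at offset " + open);
      errors.push(...checkExpression(group.slice(open + 3), open + 3));
      break;
    }
    errors.push(...checkExpression(group.slice(open + 3, close), open + 3));
    pos = close + 2;
  }
  return errors;
}

// Constructed sample groups, as they would appear in a workflow's concurrency block.
const SAMPLE_GROUPS = [
  'gh-aw-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}',
  '${{ github.workflow }-${{ github.ref }}',
  "${{ format('run-{0}, github.run_id) }}",
  "${{ github.ref === 'refs/heads/main' }}",
];
for (const g of SAMPLE_GROUPS) console.log(g, '->', validateConcurrencyGroup(g));
```

The quote-aware scan for the closing "}}" matters: a literal such as 'a}}b' inside format() is valid, and a validator that simply searches for the first "}}" would reject it while accepting the truly broken "}-" case.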

🐛 Bug Fixes & Improvements

Safe-Output Debugging - Step summaries now log raw .jsonl content via core.info(), providing visibility into exactly what the handler processed—invaluable for troubleshooting unexpected outputs. #15083

Standardized Agent Summaries - Agent conversation output now consistently displays as "Agentic Conversation" across all AI engines (Copilot, Claude, Codex), replacing parser-specific titles for uniform UX. #15072

Experimental Feature Warning - The rate-limit configuration now emits a compile-time warning, clearly marking it as experimental and aligning with other preview features. #15073

Updated Dependencies - Bumped to gh-aw-firewall v0.14.1 and gh-aw-mcpg v0.1.4, bringing the latest stability and security improvements to network isolation and MCP gateway components. #15088


For complete details, see CHANGELOG.

Generated by Release


What's Changed

  • Mark rate-limit as experimental by @Copilot in #15073
  • Standardize agent output summary title to "Agentic Conversation" by @Copilot in #15072
  • Fix @mention sanitization bypass with underscore prefix by @Copilot in #15076
  • Apply full content sanitization to title fields by @Copilot in #15077
  • Log raw .jsonl content when writing safe-output step summaries by @Copilot in #15083
  • Add compile-time syntax validation for concurrency group expressions by @Copilot in #15082
  • Add footer boolean field to safe-output configurations (individual and global) by @Copilot in #15079
  • Bump gh-aw-firewall to v0.14.1 and gh-aw-mcpg to v0.1.4 by @Copilot in #15088
  • Add base-branch field for cross-repo PRs targeting non-default branches by @Copilot in #15089

Full Changelog: v0.43.6...v0.43.7