diff --git a/.changeset/google-media-binary-downloads.md b/.changeset/google-media-binary-downloads.md new file mode 100644 index 000000000..30a5795db --- /dev/null +++ b/.changeset/google-media-binary-downloads.md @@ -0,0 +1,7 @@ +--- +"executor": patch +--- + +Google media downloads (Drive file contents, exports, and other binary +endpoints) are now returned as binary responses instead of being decoded as +text, so files come back intact. Emit them with `emit(result.data)`. diff --git a/.changeset/harden-browser-opener.md b/.changeset/harden-browser-opener.md new file mode 100644 index 000000000..b4c181b26 --- /dev/null +++ b/.changeset/harden-browser-opener.md @@ -0,0 +1,9 @@ +--- +"executor": patch +--- + +The CLI now validates that a URL is `http`/`https` before handing it to the +operating system's browser opener, and on Windows opens it via +`rundll32 url.dll,FileProtocolHandler` instead of `cmd /c start`. This removes a +path where a crafted URL could be interpreted as a shell command. `executor +login` and the "open in browser" prompts behave the same for normal URLs. diff --git a/.changeset/hosted-egress-guard-hardening.md b/.changeset/hosted-egress-guard-hardening.md new file mode 100644 index 000000000..e8d4f8eb8 --- /dev/null +++ b/.changeset/hosted-egress-guard-hardening.md @@ -0,0 +1,9 @@ +--- +"executor": patch +--- + +Hardened the hosted egress guard. Outbound requests from OAuth token exchanges, +MCP transports, and GraphQL/Google/Microsoft discovery now all route through the +guard, and the guard resolves DNS before connecting so a hostname that points at +a private or loopback address is blocked rather than only literal private IPs. +This tightens SSRF protection for hosted and cloud execution.