GHSA-6XG4-82HV-CP6F OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

Virtuozzo Hybrid Infrastructure 6.3 Update 1 Hotfix 3 (6.3.1-133)

This update provides stability fixes and support for cumulative updates. Clusters running version 6.3.1 or later can now upgrade directly to the latest available version in a single step. Vulnerability id: VSTOR-105770 A stability fix for vstorage-mount. Vulnerability id: VSTOR-104585, VSTOR-1065...