Key Vulnerability Information

v1.1.3-alpha (Pre-release)

Security Fixes

- XSS Prevention: Closed the primary persistent XSS risk in chat tool surfaces by removing unsafe rendering of untrusted HTML.
- URL Ingest Security Controls: Hardened against SSRF vectors (local targets, private IP targets, redirect abuse, scheme abuse) and enforced safe redirect behavior.
- Resource Safeguards: Added limits on upload/message/session payload sizes and safer ingest read paths for large inputs.
- Concurrency-safe Persistence: Migrated chat history to a shared atomic JSON utility and synchronized persistence across sessions.
- Regression Testing: Expanded automated regression tests for auth/session/streaming flows.

Additional Security Considerations

- Web UI Hardening: Removed risky content rendering patterns and used safer methods for HTML content.
- Safe Redirection: Configurable redirect ceiling for safer path handling.

v1.1.2-alpha (Proposed)

Provider Runtime Reliability

- Added end-to-end ChatGPT Codex support and deeper Codex integration (non-interactive execution, diagnostics).

Summary

- v1.1.3 focuses on security and performance enhancements.
- v1.1.2 enhances provider reliability with ChatGPT integration.

These updates collectively address significant security vulnerabilities and improve the overall robustness of the application.
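The URL ingest controls and redirect ceiling listed for v1.1.3-alpha can be checked together, as in this added example (not the project's own code). The names `check_target`, `safe_fetch`, `resolve` and `demo`, the ceiling of 3, and the resolver and response tables are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3  # assumed value for the configurable redirect ceiling
# Constructed sample data: a fake resolver table and fake responses (no network).
DNS = {"example.test": ["93.184.216.34"], "intranet.test": ["10.0.0.5"],
       "meta.test": ["169.254.169.254"]}
PAGES = {  # url -> (status, Location header, body)
    "https://example.test/a": (302, "/b", ""),
    "https://example.test/b": (200, None, "ok"),
    "https://example.test/evil": (302, "http://intranet.test/admin", ""),
    "https://example.test/loop": (302, "/loop", ""),
}

def resolve(host):  # hypothetical resolver: IP literals map to themselves
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return DNS.get(host, [])

def check_target(url):
    """Raise ValueError unless the scheme is allowed and every address is public."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    addrs = resolve(parts.hostname or "")
    if not addrs:
        raise ValueError("host does not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global:  # loopback, private, link-local, reserved
            raise ValueError(f"non-public address: {ip}")

def safe_fetch(url, max_redirects=MAX_REDIRECTS):
    """Follow redirects by hand so every hop is re-validated and counted."""
    for _ in range(max_redirects + 1):
        check_target(url)
        status, location, body = PAGES[url]
        if status not in (301, 302, 303, 307, 308):
            return body
        url = urljoin(url, location)
    raise ValueError("redirect ceiling exceeded")

def demo(url):
    try:
        return safe_fetch(url)
    except ValueError as exc:
        return f"blocked: {exc}"
```

In a real fetcher the connection should go to the address that was validated, since a second DNS lookup at connect time can return a different address.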