Vladimir Panteleev

Fixed - LDC version was bumped along with the transition to a Nix-based build. In any case, I can no longer reproduce with the command above. Thanks for the report,...

Previously reported here: https://github.com/anomalyco/opencode/security/advisories/GHSA-vxw4-wv6m-9hhh @rekram1-node Now that this has been independently reported and fixed, could you please publish the advisory

@rekram1-node Why does `opencode.ai` need arbitrary command execution powers to all OpenCode users' machines?

Hi @rekram1-node, FYI - since the issue is now public and I haven't been able to reach anyone from the team regrading the above, I plan to publish a full...

> hey sorry this got dropped over the holidays Understandable, but I should note that I first tried reaching out in November. The address mentioned [here](https://github.com/anomalyco/opencode-sdk-js/blob/main/SECURITY.md) might not be monitored....

> I plan to publish a full disclosure of this and remaining problems at https://cy.md/opencode-rce/ in 48 hours (2026-01-11). Posted.

Unfortunately we cannot retarget the representative samples post-hoc; the information necessary to do so is lost after ingestion, and retaining it would require considerably more memory usage. We could reset...

Thank you for that context! It was very useful. > And shared data paths information is not available: This is the key moment - there's no reason why that should...

> And one question arises - is the list of "shares data with" paths always complete or can be populated further during the run (sampling or what's the correct term)?...

@AleXoundOS Implemented in `master`, please give it a go - bound to ⇧ ShiftP and ⇧ ShiftI respectively.