Max Kong
# I am submitting a new Community Plugin - [x] I attest that I have done my best to deliver a high-quality plugin, am proud of the code I have...
## Summary - Validate share image paths stay within workspace boundaries - Reject path traversal and symlink escapes in agent-server and agent-server-next - Add traversal regression tests ## Testing -...
## Summary - Disable overlay Node integration and enable isolation/sandbox - Escape overlay text rendering to prevent injection - Add overlay sanitization tests ## Testing - Not run (no local...
## Summary - Validate preset URLs before fetch (HTTPS only, block private/local targets) - Enforce redirect validation, size, and timeout limits - Add preset URL validation tests ## Testing -...
## Summary Tracking issue for the security fix. ## Related PR - https://github.com/bytedance/UI-TARS-desktop/pull/1786 ## Disclosure Technical details are intentionally omitted here. Full report is submitted via https://github.com/bytedance/UI-TARS-desktop/security.
## Summary Tracking issue for the security fix. ## Related PR - https://github.com/bytedance/UI-TARS-desktop/pull/1788 ## Disclosure Technical details are intentionally omitted here. Full report is submitted via https://github.com/bytedance/UI-TARS-desktop/security.
## Summary Tracking issue for the security fix. ## Related PR - https://github.com/bytedance/UI-TARS-desktop/pull/1787 ## Disclosure Technical details are intentionally omitted here. Full report is submitted via https://github.com/bytedance/UI-TARS-desktop/security.