Network-AI
Repository
Release

v5.1.2 — Zero innerHTML Sinks, Full CodeQL Remediation

Published 2026-04-18 | Release notes

Zero \innerHTML\ sinks in \work-tree-dashboard.html\ — all 5 panel functions (\showTreeDetail\, \updateAgentsPanel\, \updateAgentDetailPanel\, \updateSupervisorPanel\, narrative log) now use pure DOM APIs (\createElement

Read the release here or open the original release on GitHub.
Open release on GitHub Open changelog Open quick start

What's Changed

Security — CodeQL Alert Remediation

  • Zero \innerHTML\ sinks in \work-tree-dashboard.html\ — all 5 panel functions (\showTreeDetail\, \updateAgentsPanel\, \updateAgentDetailPanel\, \updateSupervisorPanel\, narrative log) now use pure DOM APIs (\createElement\ + \ extContent\ + \ppendChild\)
  • Converted \gentMap\ to \Map\ (31 occurrences) — eliminates remote property injection via dynamic bracket notation
  • JSON round-trip sanitization at WebSocket ingestion for \diagnostics\, \orchestratorLogs\, and \stats\ — breaks taint chain at the source
  • Removed dead code — \escapeHtml\ and \safeSetHTML\ functions no longer needed after DOM API conversion

Stats

  • 2,691 tests passing across 26 suites
  • 27 adapters — all green
  • 0 TypeScript errors

Full Changelog: https://github.com/Jovancoding/Network-AI/compare/v5.1.1...v5.1.2

Continue evaluating

Cross-check the release signals.

Use the changelog, benchmark notes, and security policy together to validate that the release story lines up with public maintenance discipline.

Changelog Benchmarks Security