Network-AI
Release

v5.10.2 — Security patch: CodeQL #174 CWE-377 root cause fix

Published 2026-06-08 | Release notes

v5.10.2 resolves CodeQL alert 174 (CWE-377 Insecure Temporary File).


Security Patch Release

CodeQL #174 — CWE-377 Root Cause Fix (test-claim-verifier.ts)

The v5.10.1 fix applied path.resolve() in the AuthGuardian constructor, but this does not satisfy CodeQL's taint analysis — the taint chain from os.tmpdir() through resolve() into writeFile() remains intact.

The actual taint sources were the join(tmpdir(), ...) calls in test-claim-verifier.ts. All 10 occurrences have been replaced with join('.', 'data', ...) paths, eliminating the CWE-377 source entirely. The AuthGuardian constructor retains path.resolve() for defense-in-depth.

50/50 claim verifier tests still pass.
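An added illustration, not code from the Network-AI repository: the sketch below puts the join(tmpdir(), ...) pattern beside the project-relative path this release describes, and beside a general alternative (a private mkdtemp directory with exclusive create) for cases where a temp location is still needed. All function names, the `claims-` prefix and `trust.json` are hypothetical.

```javascript
// Added example (plain Node.js); names and file names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// CWE-377 pattern: a fixed, guessable name inside the shared temp directory.
// Any local user can create a file or symlink at this path before we write.
function predictableTmpPath(name) {
  return path.join(os.tmpdir(), name);
}

// Approach described in the release: a data directory under the project root.
function projectDataPath(root, name) {
  const dir = path.join(root, 'data');
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  return path.join(dir, name);
}

// General alternative: a freshly created directory with a random suffix.
function privateTmpPath(name) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'claims-'));
  return path.join(dir, name);
}

// 'wx' maps to O_CREAT|O_EXCL: the write fails with EEXIST if a file or
// symlink already occupies the path, instead of following or truncating it.
function writeExclusive(file, data) {
  fs.writeFileSync(file, data, { flag: 'wx', mode: 0o600 });
}

function demo() {
  const a = privateTmpPath('trust.json');
  const b = privateTmpPath('trust.json');
  writeExclusive(a, '{}');
  let secondWrite = 'ok';
  try { writeExclusive(a, '{}'); } catch (e) { secondWrite = e.code; }
  const root = path.dirname(b); // stand-in for the project root
  const p = projectDataPath(root, 'trust.json');
  const result = {
    predictableIsStable: predictableTmpPath('trust.json') === predictableTmpPath('trust.json'),
    privateDirsDiffer: path.dirname(a) !== path.dirname(b),
    secondWrite,
    dataPathUnderRoot: p === path.join(root, 'data', 'trust.json') && fs.existsSync(path.dirname(p)),
  };
  for (const d of [path.dirname(a), root]) fs.rmSync(d, { recursive: true, force: true });
  return result;
}
```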

Full changelog

See CHANGELOG.md.
