Network-AI
Release

v5.8.9 — CodeQL #170/#173 taint-break + BOM fix + prompt cleanup

Published 2026-05-30 | Release notes


What's Changed

Fixed

  • CodeQL #170 — CWE-367 TOCTOU (test-phase11.ts stale-lock inject): lockPath tainted via new FileLock(lockPath) internal existsSync → openSync(lockPath, 'w'). Fixed with fresh const staleLockPath = join(dir, '.test.lock') inside the write block.
  • CodeQL #173 — CWE-367 TOCTOU (test-phase11.ts orphan-tmp simulate): tmpPath flowed from assert(!existsSync(tmpPath)) into openSync(tmpPath, O_CREAT|O_EXCL|O_WRONLY). Fixed with fresh const orphanTmpPath inside the write block.
  • UTF-8 BOM regression: PowerShell 5.1 Set-Content writes BOM, breaking ts-node JSON parse in CI. All version-bump scripts now use System.IO.File::WriteAllText with UTF8Encoding(false).
  • claude-project-prompt.md residual hardcoded-3 refs: Pre-commit checklist and response-format template still referenced "3 sub-tasks" after v5.8.8 SkillSpector fix. Both updated to be count-agnostic.
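
The check-then-open shape that the two CWE-367 items above describe (existsSync followed by openSync on the same path), next to an atomic exclusive create, as an added example. This is not code from Network-AI or its fix; the function names, the `raceWindow` test seam, the file names and the `pid-*` strings are all hypothetical.

```javascript
// Added example, not Network-AI code; all names and paths are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Flagged shape: check and open are separate syscalls on the same path.
// `raceWindow` is a test seam standing in for another process.
function createLockRacy(lockPath, raceWindow = () => {}) {
  if (fs.existsSync(lockPath)) return false;      // time of check
  raceWindow();
  const fd = fs.openSync(lockPath, 'w');          // time of use: truncates any file now there
  try { fs.writeSync(fd, 'pid-self'); } finally { fs.closeSync(fd); }
  return true;
}

// Atomic shape: 'wx' adds O_EXCL, so the kernel checks and creates in one step.
function createLockAtomic(lockPath) {
  let fd;
  try {
    fd = fs.openSync(lockPath, 'wx', 0o600);
  } catch (err) {
    if (err.code === 'EEXIST') return false;      // lock already held
    throw err;
  }
  try { fs.writeSync(fd, 'pid-self'); } finally { fs.closeSync(fd); }
  return true;
}

// Constructed scenario: a competitor creates the lock first.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'toctou-demo-'));
  try {
    const a = path.join(dir, 'a.lock');
    const racyAcquired = createLockRacy(a, () => fs.writeFileSync(a, 'pid-other'));
    const racyOwner = fs.readFileSync(a, 'utf8');

    const b = path.join(dir, 'b.lock');
    fs.writeFileSync(b, 'pid-other');
    const atomicAcquired = createLockAtomic(b);
    const atomicOwner = fs.readFileSync(b, 'utf8');
    return { racyAcquired, racyOwner, atomicAcquired, atomicOwner };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```

In the racy case both parties believe they hold the lock and the competitor's record is overwritten; in the atomic case the second caller is refused and the existing file is left untouched.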

Full Changelog: https://github.com/Jovancoding/Network-AI/compare/v5.8.8...v5.8.9
