The Wire · Showcase
SLACK NOTIFICATION INJECTION PATCHED ACROSS SDK STACK
By RepoJournal · Filed · About Anthropic
A JSON injection vulnerability in the Slack issue notification workflow has been fixed, and all three SDK implementations now carry the security patch plus critical bug fixes for false-positive CI success states.
The Python SDK shipped v0.2.117 [2] with an escape of untrusted issue fields in the Slack notification workflow, preventing attackers from injecting malformed JSON or mrkdwn code through specially crafted issue titles or usernames [1]. The TypeScript SDK and Code Action both follow with updates that fix a separate but equally important issue: builds now fail correctly when the Agent SDK returns `is_error: true` despite a success subtype, preventing misleading green checks on code review runs that never actually executed [3]. v0.2.118 for Python and v0.3.209 for TypeScript [5] bump the bundled Claude CLI to 2.1.209 [4], which unblocks the /model dialog in background agent sessions. The TypeScript SDK v0.3.208 [6] also patches two resource leaks and fixes a timeout handler that was killing queries instead of gracefully blocking prompts.
Action items
- → Upgrade claude-agent-sdk-python to 0.2.118 anthropics/claude-agent-sdk-python [immediate]
- → Upgrade @anthropic-ai/claude-agent-sdk to 0.3.209 anthropics/claude-agent-sdk-typescript [immediate]
- → Upgrade claude-code-action to v1.0.173 anthropics/claude-code-action [plan]
References
- [1] Escape untrusted issue fields in the Slack notification workflow (#1116) anthropics/claude-agent-sdk-python
- [2] v0.2.117 ↗ anthropics/claude-agent-sdk-python
- [3] fix(sdk): fail step when result has is_error:true despite success subtype ↗ anthropics/claude-code-action
- [4] v2.1.209 ↗ anthropics/claude-code
- [5] v0.3.209 ↗ anthropics/claude-agent-sdk-typescript
- [6] v0.3.208 ↗ anthropics/claude-agent-sdk-typescript