openhands
9b75817300
fix: SECURITY_REVIEW.md references obsolete recenterAccess pattern (#838)

- Update M-3 finding: recenterAccess was removed; MIN_RECENTER_INTERVAL
  (60s) cooldown now enforced unconditionally — downgrade severity to
  Informational (resolved)
- Update Access Control Summary: remove recenterAccess rows, reflect
  permissionless recenter() with cooldown
- Update Conclusion: mark M-3 as resolved
- Fix stale M-1 impact note that mentioned recenterAccess as a workaround
- deployment.md: remove Section 3.2 "Set Recenter Access" (setRecenterAccess
  no longer exists); update 3.3 first-recenter comment
- deployment.md: replace recenterAccess() verification call with
  lastRecenterTime() check
- deployment.md §6.1: rewrite Pause Recentering note — no access-control
  switch exists, cooldown is the only rate limiter
- deployment.md §6.5: remove stale setRecenterAccess(0xdEaD) instruction

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-16 14:43:37 +00:00