You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+15-12Lines changed: 15 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,23 +8,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
8
8
9
9
## [Unreleased]
10
10
11
-
### Fixed
11
+
##[0.8.6] - 2026-03-27
12
12
13
-
- Windows antivirus file-lock errors (`WinError 32`) during `apm install`: new `file_ops` retry utility with exponential backoff for `rmtree`/`copytree`/`copy2` operations (#453)
14
-
-`install.sh` now falls back to pip when binary fails in devcontainers with older glibc (#456)
15
-
- Skills now deploy to all active targets (`.opencode/`, `.cursor/`) instead of only `.github/` (#456)
16
-
-`apm install` no longer rewrites `apm.lock.yaml` when dependencies are unchanged, eliminating `generated_at` churn in version control (#456)
17
-
-`.github/` is no longer auto-created when other target dirs (`.claude/`, `.cursor/`, `.opencode/`) already exist; copilot is only the fallback for greenfield projects (#456)
18
-
- Linux binary no longer bundles `libssl.so.3`/`libcrypto.so.3`, preventing OpenSSL ABI conflicts on distros where system `libcurl` requires a newer OpenSSL than the build machine (e.g. Fedora 43) (#466)
19
-
- SSH-style Git URLs (`git@host:owner/../evil`) now reject path traversal sequences, closing a bypass of the HTTPS validation added in #437 -- by @thakoreh (#458)
13
+
### Added
20
14
21
-
### Changed
15
+
-`apm install --target` flag to force deployment to a specific target (copilot, claude, cursor, opencode, all) (#456)
22
16
23
-
- Consolidated path-segment traversal checks in `DependencyReference` into a single `validate_path_segments()` utility in `path_security.py`, eliminating behavioral drift (backslash normalisation now applied uniformly across all parse paths)
17
+
### Fixed
24
18
25
-
### Added
19
+
- Windows antivirus file-lock errors (`WinError 32`) during `apm install` with `file_ops` retry utility (#440)
20
+
- Installer fallback to pip in devcontainers, target registry, and lockfile idempotency fixes (#456)
21
+
- Reject path traversal sequences in SSH-style Git URLs — by @thakoreh (#458)
22
+
- Exclude bundled OpenSSL libs from Linux binary to prevent ABI conflicts (#466)
23
+
- Allow spaces in ADO repository names when parsing URLs (#437)
24
+
- Gate `.claude/commands/` deployment behind `integrate_claude` flag (#443)
25
+
- Sort instruction discovery order for deterministic Build IDs across platforms (#468)
26
+
- Share `AuthResolver` across install to prevent duplicate auth popups (#424)
26
27
27
-
-`apm install --target` flag to force deployment to a specific target (copilot, claude, cursor, opencode, all) (#456)
28
+
### Changed
29
+
30
+
- Consolidated path-segment traversal checks into `validate_path_segments()` in `path_security.py` (#458)
0 commit comments