9 points | by CyberShadow 11 hours ago ago
2 comments
Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.
The disclosure timeline is concerning.
Reported 2025-11-17, and multiple "no responses" after repeated attempts to contact the maintainers... not a good look.
Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.
The disclosure timeline is concerning.
Reported 2025-11-17, and multiple "no responses" after repeated attempts to contact the maintainers... not a good look.