### Added

- Multi-Agent workflow orchestration to address complex tasks with multiple coordinated agents.
- Agent Builder use case for configuring, deploying, and managing AI Agents from the Management Dashboard.
- MCP Server deployment using images, Lambda functions, OpenAPI specs, or Smithy files.
- Multimodal input capabilities for Agent Builder and workflow use cases.
- AWS Lambda provisioned concurrency support for text and bedrock agent use cases to improve performance and reduce cold starts.

### Security

- Upgraded js-yaml to `3.14.2` and `4.1.1` to mitigate CVE-2025-64718
- Upgraded glob to `10.5.0` to mitigate CVE-2025-64756
- Upgraded langchain-core to `0.3.80` to mitigate CVE-2025-65106
| ]; | ||
| // Pattern that allows safe file names while preventing path traversal attacks | ||
| // Must end with a supported file extension and cannot contain path separators (/ or \) | ||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`; |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Copilot Autofix
AI 3 months ago
To fix the problem, the dot (`.`) in the regular expression should be properly escaped. In JS string literals intended as regex patterns, you must use a double backslash (`\\.`) so that when passed to a regex engine, the pattern matches a literal dot rather than any character. Specifically, in the definition of `MULTIMODAL_FILENAME_PATTERN` on line 410 of `source/infrastructure/lib/utils/constants.ts`, the `.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})` should be changed to `\\.` so the final regex, when interpreted, will correctly match file extensions separated by a dot.
No new methods, types, or imports are needed; simply change `\.` to `\\.` in the template literal.
| @@ -407,5 +407,5 @@ | ||
| ]; | ||
| // Pattern that allows safe file names while preventing path traversal attacks | ||
| // Must end with a supported file extension and cannot contain path separators (/ or \) | ||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`; | ||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${SUPPORTED_MULTIMODAL_FILE_EXTENSIONS.join('|')})$`; | ||
| export const MULTIMODAL_FILE_EXPIRATION_DAYS = 2; |
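Review bot: the replacement `MULTIMODAL_FILENAME_PATTERN` line writes the dot as `\\\.` (three backslashes), which still contains the no-op `\.` escape this alert is about; in a template literal `\\.` already yields the two characters `\.` that the regex engine needs, so use that form. The comment above the constant says the pattern must end with a supported extension and must not contain path separators, yet the old line let any single character stand where the dot should be, so add a unit test that compiles the string and asserts that a name with no literal dot before the extension is rejected.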
| ...MULTIMODAL_SUPPORTED_DOCUMENT_FORMATS | ||
| ]; | ||
|
|
||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`; |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Copilot Autofix
AI 3 months ago
To fix the problem, ensure that when building a regular expression string intended to match a literal `.` (dot), the dot is escaped twice in the string: once for the string itself and once for the RegExp, i.e., `\\.`. You only need to edit the line assigning `MULTIMODAL_FILENAME_PATTERN` in `source/ui-chat/src/utils/constants.ts`: change `\.` to `\\.`. No changes to imports or definitions are needed, as only the string literal must be updated.
| @@ -75,7 +75,7 @@ | ||
| ...MULTIMODAL_SUPPORTED_DOCUMENT_FORMATS | ||
| ]; | ||
|
|
||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`; | ||
| export const MULTIMODAL_FILENAME_PATTERN = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${MULTIMODAL_SUPPORTED_FILE_FORMATS.join('|')})$`; | ||
|
|
||
| //model provider | ||
| export const MODEL_PROVIDER = { |
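Review bot: this `MULTIMODAL_FILENAME_PATTERN` is a second hand-maintained copy of the pattern in the hunk at line 407, built from a differently named list (`MULTIMODAL_SUPPORTED_FILE_FORMATS` here, `SUPPORTED_MULTIMODAL_FILE_EXTENSIONS` there), so client-side and infrastructure validation can drift apart and the same escape bug had to be patched twice. Consider a test that asserts the two strings accept and reject the same names, or generate both from one definition. The list entries are also interpolated with `.join('|')` without escaping, so the pattern is only as strict as those values; and as in the other hunk, `\\.` is enough where the new line has `\\\.`.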
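The escape behaviour the two CodeQL alerts above describe, as an added JavaScript example that is not part of the pull request or the project's code. The extension list, the sample file names and the helper names `accepted` and `isStrict` are constructed for illustration.

```javascript
// Constructed extension list; the project's real list is not shown on this page.
const EXTS = ['png', 'pdf'];

// As flagged by CodeQL: in a template literal `\.` is a no-op escape, so the
// pattern string contains a bare `.` that matches any character.
const flagged = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\.(${EXTS.join('|')})$`;
// Two backslashes: the string holds `\.`, a literal dot for the regex engine.
const fixed = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\.(${EXTS.join('|')})$`;
// Three backslashes, as in the suggested diff: `\\` plus a no-op `\.`.
const autofix = `^[a-zA-Z0-9](?:[a-zA-Z0-9_-]|[\x20](?=[a-zA-Z0-9_-]))*\\\.(${EXTS.join('|')})$`;

// Constructed sample names for the check.
const SAMPLES = ['report.pdf', 'my file.png', 'reportXpdf', 'a/png', '../x.png', 'report.exe'];

// Return the sample names a pattern string accepts once compiled.
function accepted(patternString, names = SAMPLES) {
    const re = new RegExp(patternString);
    return names.filter((name) => re.test(name));
}

// Regression check for the constant: literal dot required, no path separators.
function isStrict(patternString) {
    const re = new RegExp(patternString);
    return re.test('report.pdf') && !re.test('reportXpdf')
        && !re.test('a/png') && !re.test('a\\png');
}

console.log('flagged accepts:', accepted(flagged));
console.log('fixed accepts  :', accepted(fixed));
console.log('two and three backslashes give the same string:', fixed === autofix);
console.log('strict (flagged, fixed):', isStrict(flagged), isStrict(fixed));
```

A check like `isStrict` in the unit tests of both `constants.ts` files would catch a regression of this escape without relying on the scanner.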