Skip to main content

Security advisory, May 2026

This advisory summarises three packaging incidents on the public SDK distribution channels during May 2026, what was affected, what was done, and what every user should do.

None of the issues affected the runtime behaviour of the policy engine, the audit trail, or any deployed Control Zero service. All three were issues with what was packaged into the published SDK artifact.

Affected versions

ChannelAffected versionsStatus
PyPI, controlzero1.5.0, 1.5.5Yanked. Use >=1.7.0.
Go proxy, controlzero.ai/sdk/gov1.7.0 through v1.7.4Retracted. Use >=v1.7.6.
npm, @controlzero/sdkpre-1.8.3 linesSuperseded. Use the current published 1.12.x line, served from the Control Zero registry at https://npm.controlzero.ai.

What happened

PyPI 1.5.0 and 1.5.5

Two Python SDK releases shipped with inline source comments and string fixtures referencing customer names from internal triage notes. The runtime did not transmit this data anywhere. The exposure was limited to anyone who read the package source.

Fix: the offending strings and comments were scrubbed; the wheels were yanked from PyPI; 1.5.7 was published as the clean successor and is itself superseded by the current 1.7.0 line.

Go v1.7.0 through v1.7.4

A subset of Go SDK tags shipped the same scrubbed string fixtures as the Python wheels, plus a realistic-looking API key example used in test scaffolding. Because the Go module proxy serves immutable cached zips, the only safe path is to retract the affected tags and republish a clean version.

Fix: every tag from v1.7.0 through v1.7.4 was retracted in the module file; v1.7.5 was the clean successor and the line is now at v1.7.6.

npm @controlzero/sdk

A pre-release Node build carried a single customer-name reference inside a bundled CHANGELOG entry. It was scrubbed before it reached the published npm line; the published @controlzero/sdk line was unaffected throughout. The current published line is 1.12.x, served from the Control Zero registry at https://npm.controlzero.ai. If you are on an older published version, upgrade to the current line.

What we did

  • Scrubbed every offending file from the source tree.
  • Added an IP scrub gate to the pre-push wrapper. The gate scans every published artifact for customer names, realistic-looking key fixtures, and internal hostnames before any commit can be pushed.
  • Republished a clean version on each channel where republication is possible.
  • Added a parity test for the scrub gate across Python, Node, and Go release scripts so a clean release cannot regress.

What you should do

  1. If you are on Python controlzero 1.5.0 or 1.5.5: upgrade.

    pip install -U "controlzero>=1.7.0"
  2. If you are on Go SDK v1.7.0 through v1.7.4: upgrade.

    go get controlzero.ai/sdk/go@v1.7.6
    go mod tidy

    If your build pins one of the retracted tags, the Go toolchain will warn you on the next go mod tidy. Re-pin to >=v1.7.6.

  3. If you are on an older npm @controlzero/sdk version: upgrade to the current published line. Configure the Control Zero registry once: add @controlzero:registry=https://npm.controlzero.ai to your .npmrc (or run npm config set @controlzero:registry https://npm.controlzero.ai). It applies to npm install and npx for the whole @controlzero scope.

    npm install @controlzero/sdk@latest
  4. If you are on any other version: no action needed.

Reporting future issues

If you find anything in a published artifact that looks like it should not be there, including customer references, realistic-looking credentials, or internal hostnames, please report it privately to security@controlzero.ai. See the security policy for the full disclosure flow.