Critical codespace Jupyter RCE fixed; public release downloads
v2.96.0
Security
A security vulnerability has been identified, and fixed, that could allow command execution on a user's computer when connecting to a malicious Codespace via gh codespace jupyter.
Users of gh codespace jupyter are advised to update gh to version v2.96.0 as soon as possible.
For more information see: https://github.com/cli/cli/security/advisories/GHSA-8cg3-r6g9-fpg2
Download release assets without authentication
gh release download now works against public repositories without authentication, matching gh extension install. A token is still used when one is present:
# Download assets from a public repository, no login required
gh release download v2.96.0 --repo cli/cli
What's Changed
✨ Features
- Allow
gh release downloadwithout authentication on public repositories by @BagToad in #13723 - Detect additional third-party coding agents by @BagToad in #13722
- Support
antigravity-cliandantigravity2.0ingh skillby @BagToad in #13784
🐛 Fixes
- fix: show checks summary when all checks were cancelled by @s3onghyun in #13679
- fix(skills): install universal agent to
~/.agents/skillsby @toller892 in #13681 - fix(skills): honor
--dirwithout agent prompt by @happysnaker in #13766 - Fix concurrent map writes in codespace port forwarding by @williammartin in #13313
- Use
int64for GitHub database IDs by @williammartin in #13403
📚 Docs & Chores
- Pin reusable triage workflows to a commit SHA by @BagToad in #13705
- Add security disclosure guidance to
AGENTS.mdby @BagToad in #13720 - Clarify
--cloneboolean flag behaviour ingh repo forkhelp by @BagToad in #13786 - Fix flaky
TestHuhPrompterMultiSelectWithSearchPersistenceon slow architectures by @pdostal in #13675 - docs(search): add examples for multiple qualifiers by @happysnaker in #13756
- docs: fix broken anchor link in release-process-deep-dive by @patrickwehbe in #13688
- docs: fix broken install command and link/grammar errors by @patrickwehbe in #13690
- docs: fix duplicated word in primer README by @s3onghyun in #13677
:dependabot: Dependencies
- chore(deps): bump github.com/microsoft/dev-tunnels from 0.1.19 to 0.1.27 by @dependabot in #13708
- chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot in #13703
- chore(deps): bump github.com/google/go-containerregistry from 0.21.6 to 0.21.7 by @dependabot in #13702
- chore(deps): bump actions/setup-go from 6.4.0 to 6.5.0 by @dependabot in #13740
- chore(deps): bump actions/attest from 4.1.0 to 4.1.1 by @dependabot in #13754
- chore(deps): bump goreleaser/goreleaser-action from 7.2.2 to 7.2.3 by @dependabot in #13759
- chore(deps): bump golangci/golangci-lint-action from 9.2.1 to 9.3.0 by @dependabot in #13779
New Contributors
- @patrickwehbe made their first contribution in https://github.com/cli/cli/pull/13688
- @s3onghyun made their first contribution in https://github.com/cli/cli/pull/13679
- @toller892 made their first contribution in https://github.com/cli/cli/pull/13681
- @happysnaker made their first contribution in https://github.com/cli/cli/pull/13756
Full Changelog: https://github.com/cli/cli/compare/v2.95.0...v2.96.0
Fetched July 2, 2026



