Update README.md

[mrT23]

PR Type

Documentation

---

Description

• Added announcement about security fixes in PR-Agent v0.26 (December 30, 2024)
• Documented addressing of two vulnerabilities identified by community feedback
• Referenced external security report from Kudelski Security

---

Changes walkthrough 📝

	Relevant files
Documentation	README.md Add security update announcement for v0.26                              README.md Added new section for December 30, 2024 update Documented addressing of two security vulnerabilities in PR-Agent v0.26 +4/-0

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro-for-open-source]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🏅 Score: 95

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected

[qodo-merge-pro-for-open-source]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Enhance security advisory with specific vulnerability details and upgrade recommendations Add specific details about the security vulnerabilities that were fixed to help users understand the security impact and whether they need to take action. Include CVE numbers if available. README.md [46] -Following [feedback](https://research.kudelskisecurity.com/2024/08/29/careful-where-you-code-multiple-vulnerabilities-in-ai-powered-pr-agent/) from the community, we have addressed two vulnerabilities identified in the open-source PR-Agent project. The fixes are now included in the newly released version (v0.26), available as of today. +Following [security research](https://research.kudelskisecurity.com/2024/08/29/careful-where-you-code-multiple-vulnerabilities-in-ai-powered-pr-agent/) from the community, we have addressed two vulnerabilities (CVE-2024-XXXX, CVE-2024-YYYY) identified in the open-source PR-Agent project: +- Remote Code Execution vulnerability in the code suggestion feature +- Path traversal vulnerability in file handling +These fixes are now included in version v0.26, released today. Users are strongly encouraged to upgrade from earlier versions. + Apply this suggestion Suggestion importance[1-10]: 9 Why: The suggestion significantly improves the security advisory by adding critical details about vulnerability types, CVE numbers, and explicit upgrade recommendations, which is essential for users to understand the security impact and take necessary action.	9

• Author self-review: I have reviewed the PR code suggestions, and addressed the relevant ones.