bmersereau hardens Mike against three open security holes at once

One pull request takes aim at malicious uploads, weak browser defenses, and unpatched XML library bugs.


The headline move is checking what files actually are, not just what they claim to be. bmersereau adds signature validation on both document upload paths, so a file's real bytes have to match its declared extension before Mike accepts it. PDFs, Word documents, and legacy .doc files pass; HTML pretending to be a contract, empty files, and anything unrecognized get turned away.
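The check described above, as an added example rather than code from the Mike pull request: the file's leading bytes are compared with the well-known signature for the extension it claims, so PDF, .docx and legacy .doc pass while HTML, empty input and unknown types are rejected. The signature table, the `validateUpload` function and the sample inputs are constructed for this illustration and are assumptions about what the PR checks.

```javascript
// Added example (not Mike's own code). Maps a declared extension to the
// magic bytes a genuine file of that type starts with. The table is an
// assumption about which types the upload path accepts.
const SIGNATURES = {
  // PDF files begin with "%PDF-"
  pdf: [Buffer.from('%PDF-')],
  // .docx is an OOXML zip container: local file header "PK\x03\x04"
  docx: [Buffer.from([0x50, 0x4b, 0x03, 0x04])],
  // legacy .doc is an OLE2 compound document
  doc: [Buffer.from([0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1])],
};

// Extension as the client declared it (via the filename), lower-cased.
function declaredExtension(filename) {
  const idx = filename.lastIndexOf('.');
  return idx < 0 ? '' : filename.slice(idx + 1).toLowerCase();
}

// Returns { ok: true, type } when the real bytes match the declared
// extension, otherwise { ok: false, reason }. Never trusts the filename
// or the client-supplied Content-Type alone.
function validateUpload(filename, bytes) {
  if (!Buffer.isBuffer(bytes) || bytes.length === 0) {
    return { ok: false, reason: 'empty file' };
  }
  const ext = declaredExtension(filename);
  const sigs = SIGNATURES[ext];
  if (!sigs) {
    return { ok: false, reason: `unsupported extension: ${ext || '(none)'}` };
  }
  const matches = sigs.some(
    (sig) => bytes.length >= sig.length && bytes.subarray(0, sig.length).equals(sig),
  );
  if (!matches) {
    return { ok: false, reason: `content does not match .${ext} signature` };
  }
  return { ok: true, type: ext };
}

// Constructed sample inputs: a real-looking PDF header, an HTML page
// renamed to .pdf, an empty upload, and a PDF renamed to .doc.
const samples = [
  ['contract.pdf', Buffer.from('%PDF-1.7\n%\xe2\xe3\xcf\xd3\n')],
  ['contract.pdf', Buffer.from('<!DOCTYPE html><html><body>not a contract</body></html>')],
  ['contract.pdf', Buffer.alloc(0)],
  ['contract.doc', Buffer.from('%PDF-1.4\n')],
  ['contract.docx', Buffer.from([0x50, 0x4b, 0x03, 0x04, 0x14, 0x00])],
];

function runSamples() {
  return samples.map(([name, bytes]) => ({ name, ...validateUpload(name, bytes) }));
}

for (const r of runSamples()) {
  console.log(r.name, r.ok ? `accepted as ${r.type}` : `rejected: ${r.reason}`);
}
```

One caveat worth keeping in mind: the `PK\x03\x04` prefix only proves the upload is a zip archive, not specifically a Word document, so a stricter check would open the archive and confirm it carries the `[Content_Types].xml` entry that OOXML requires. Signature validation is also a gate, not a sanitiser; files that pass should still be served with `X-Content-Type-Options: nosniff` and a `Content-Disposition: attachment` header so the browser never renders them inline.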

Behind that, the browser itself gets stricter rules about what it's allowed to run or embed, on both the backend and the Next.js frontend. So even if something hostile got past the front door, the browser would refuse to execute it or load it inside another page. A third strand pins a known-vulnerable XML parsing library to a patched version, clearing four high-severity advisories in one go.
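What "stricter rules about what the browser is allowed to run or embed" looks like in practice is a Content-Security-Policy plus anti-framing headers. The block below is an added example, not the PR's own configuration: it builds a baseline policy (directive values are assumptions, not Mike's exact policy), shows the `headers()` hook that Next.js reads from `next.config.js` to attach them to responses, and includes a small `parseCsp` checker so a reviewer can confirm that inline scripts and framing are actually refused. The helper names are hypothetical.

```javascript
// Added example (not Mike's own code). Builds the response headers that
// restrict what the browser may execute or embed. The directive values are
// an assumed baseline, not the pull request's exact policy.
function buildSecurityHeaders({ selfOnlyScripts = true } = {}) {
  const csp = [
    "default-src 'self'",
    // Weak setting beside the strict one: 'unsafe-inline' lets injected
    // <script> blocks run, which is exactly what the policy should stop.
    selfOnlyScripts ? "script-src 'self'" : "script-src 'self' 'unsafe-inline'",
    "object-src 'none'",          // no Flash/plugin embeds
    "base-uri 'self'",            // no <base> hijacking of relative URLs
    "frame-ancestors 'none'",     // page may not be loaded inside another page
    "form-action 'self'",         // forms may only post back to this origin
  ].join('; ');
  return [
    { key: 'Content-Security-Policy', value: csp },
    { key: 'X-Frame-Options', value: 'DENY' }, // legacy equivalent of frame-ancestors
    { key: 'X-Content-Type-Options', value: 'nosniff' }, // never sniff an upload into HTML
    { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
  ];
}

// next.config.js shape: Next.js calls headers() and applies the matching
// entries to every response whose path matches `source`.
const nextConfig = {
  async headers() {
    return [{ source: '/(.*)', headers: buildSecurityHeaders() }];
  },
};

// Minimal CSP parser: "directive value value; directive value" -> object.
function parseCsp(csp) {
  const directives = {};
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0]) directives[tokens[0]] = tokens.slice(1);
  }
  return directives;
}

// True when the policy still permits inline script execution.
function allowsInlineScript(csp) {
  const d = parseCsp(csp);
  const sources = d['script-src'] || d['default-src'] || [];
  return sources.includes("'unsafe-inline'");
}

// True when the policy does not forbid being framed by another page.
function allowsFraming(csp) {
  const fa = parseCsp(csp)['frame-ancestors'];
  return !fa || !fa.includes("'none'");
}

function cspValue(headers) {
  return headers.find((h) => h.key === 'Content-Security-Policy').value;
}

const strict = cspValue(buildSecurityHeaders());
console.log('strict policy allows inline script:', allowsInlineScript(strict));
console.log('strict policy allows framing:', allowsFraming(strict));
```

Because the API surface and the upload endpoints live on the backend, the same header set should be emitted there too; a policy applied only to the Next.js pages leaves any file or JSON response from the backend without the nosniff and frame-ancestors protection.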

So what: anyone running Mike in front of real client documents should care, because this closes the kind of upload-based attack that legal-tech buyers actually ask about in security reviews.
