Skip to content

Ideon v0.9.4

Latest

Choose a tag to compare

@github-actions github-actions released this 03 Jul 20:38
v0.9.4
63cc5c1

Security

  • Fixed a privilege escalation vulnerability (GHSA-v3qr-4v8m-29rh) where a read-only collaborator could perform write and delete operations on a project, including wiping and replacing the entire canvas. Reported by @tonghuaroot.
  • Fixed an SSRF bypass (GHSA-cvcr-fcf6-366r) in the image proxy where IPv4-mapped IPv6 addresses (e.g. [::ffff:7f00:1]) could bypass the private IP blocklist and reach internal services. Reported by @tonghuaroot.