Skip to content

Release: v1.4.1

Choose a tag to compare

@Dim145 Dim145 released this 20 Jun 00:44
Patch on top of 1.4.0: clears the CodeQL py/unsafe-deserialization alert
on the metadata.yml importer (yaml.safe_load + a separate yaml.scan alias
rejection instead of yaml.load with a SafeLoader subclass). No behaviour
change; same billion-laughs protection. Bumps backend, frontend and docs
to 1.4.1 (User-Agent stays fdroid-store/1.4 — patch release).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>