Skip to content

v1.1.4 - Security fix

Choose a tag to compare

View all tags
@QuietWireDev QuietWireDev released this 17 Jun 22:50
· 1 commit to main since this release
v1.1.4
088bb53

Security

Same-day follow-up to v1.1.3, closing the last open Dependabot alert.

  • python-multipart 0.0.30 to 0.0.31. Fixes a negative Content-Length in parse_form that turned the bounded chunked read into a read-until-EOF, buffering the entire request body in memory (CVE-2026-53540, GHSA-v9pg-7xvm-68hf, Low). Realistic exposure is limited: Starlette/FastAPI drive MultipartParser, not parse_form directly.

No functional or frontend changes. Verified on the test fleet.

Full changelog: https://github.com/QuietWireDev/QuietKeep/blob/main/CHANGELOG.md

Assets 2
Loading