Security
SSRF Mitigation (Critical)
- Fix Server-Side Request Forgery (SSRF) vulnerability in URL handling (GHSA-fqph-j6v6-jvgx, CVE pending)
- Add IP address validation to block access to internal/private networks
- Implement safe redirect handling with destination validation
- Block access to cloud metadata endpoints
- Prevent access to private IPv4 ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Prevent access to loopback and link-local addresses
Thanks to Anisto Mejin for responsible disclosure
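The following is an added illustration of the mitigations this entry lists (destination validation before every request, RFC 1918 / loopback / link-local / metadata blocking, and re-validation on every redirect hop). It is example code written for this page, not the project's own fix; the host table, IP addresses and the `metadata.google.internal` / `localhost` blocklist are assumptions chosen for the example, and the real project may structure its checks differently.

```python
"""SSRF-hardened URL fetching (illustrative, not the project's code):
validate the destination before every request, including every redirect
hop, and refuse anything that resolves to a non-public address."""
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Explicit blocklist mirroring the changelog; the `is_global` check below
# additionally catches multicast, reserved, ULA, TEST-NET and similar ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private ranges
    "127.0.0.0/8", "::1/128",                            # loopback
    "169.254.0.0/16", "fe80::/10",                       # link-local (169.254.169.254 = cloud metadata)
)]
# Hostnames that must never be fetched (assumed list; extend for your cloud provider).
BLOCKED_HOSTS = {"localhost", "metadata.google.internal"}


def address_block_reason(ip_text):
    """Return why an IP literal is blocked, or None if it is a public address."""
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 literal (::ffff:10.0.0.1) must be judged as its IPv4 form,
    # otherwise the v4 blocklist is trivially bypassed.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net in BLOCKED_NETWORKS:
        if ip in net:
            return f"{ip} is in blocked range {net}"
    if not ip.is_global:
        return f"{ip} is not a globally routable address"
    return None


def resolve_host(host):
    """All addresses a hostname resolves to. An attacker-controlled name may return
    one public and one private answer (DNS rebinding), so every answer is checked.
    Caveat: validating here and connecting later is still a TOCTOU window; a full
    fix also pins the validated IP when the connection is actually opened."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def url_block_reason(url, resolve=resolve_host):
    """Return why a URL may not be fetched, or None if its destination is acceptable."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        return "missing host"
    if host.lower().rstrip(".") in BLOCKED_HOSTS:
        return f"host {host!r} is blocked"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal: no DNS needed
    except ValueError:
        try:
            addresses = resolve(host)
        except OSError as exc:
            return f"cannot resolve {host!r}: {exc}"
    for addr in addresses:
        reason = address_block_reason(addr)
        if reason:
            return reason
    return None


class _NoAutoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib hand 3xx responses back to us instead of following them blindly."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """One request with redirects disabled. Returns (status, location_or_None, body)."""
    opener = urllib.request.build_opener(_NoAutoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:  # 3xx (and other non-2xx) land here
        return err.code, err.headers.get("Location"), b""


def safe_fetch(url, fetch=http_fetch, resolve=resolve_host, max_redirects=5):
    """Fetch url, re-validating the destination of every redirect hop.
    Returns (final_url, status, body); raises ValueError on a blocked destination."""
    current = url
    for _ in range(max_redirects + 1):
        reason = url_block_reason(current, resolve)
        if reason:
            raise ValueError(f"refusing {current}: {reason}")
        status, location, body = fetch(current)
        if status in (301, 302, 303, 307, 308) and location:
            current = urljoin(current, location)  # Location may be relative
            continue
        return current, status, body
    raise ValueError(f"too many redirects starting from {url}")
```

The `fetch` and `resolve` parameters exist so the policy can be exercised offline with a stubbed resolver and a stubbed HTTP layer; in production the defaults perform real DNS lookups and real requests. The important property is that the block check runs on the URL of every hop, so an allowed public host cannot bounce the server into 10.0.0.0/8 or 169.254.169.254 through a redirect.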