-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Advisory] File Downloader cookie leak #32450
Comments
From the advisory:
Looks like youtube-dl version Can I apply the patch to my youtube-dl |
Do read the issue text:
The changes are quite extensive and relate to a master code version 18 months later than the 2021.12 release. |
Fixed in #32445. |
During file downloads, youtube-dl (or the external downloaders that it invokes) may leak cookies on HTTP redirects to a different host, or when the host for fragments being downloaded differs from their parent manifest's host.
Please refer to this security advisory for further details.
Youtube-dl users who are concerned about this issue should install a new version of the program from the nightly build repository: versions dated 2023-07-18 or later incorporate changes to remediate the issue. The next stable release will also include these remediations.
If updating is not possible, please refer to the linked advisory for suggested work-arounds.
The text was updated successfully, but these errors were encountered: