Skip to content

Fedify 0.9.3
Compare
Choose a tag to compare
@github-actions github-actions released this 09 Jul 06:15
· 726 commits to main since this release
0.9.3
This tag was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.
7600281
This commit was signed with the committer’s verified signature.
dahlia Hong Minhee (洪 民憙)
GPG key ID: C429ECD57EED6CCA
Verified
Learn about vigilant mode.

Released on July 9, 2024.

  • Fixed a vulnerability of SSRF via DNS rebinding in the built-in document loader. [CVE-2024-39687]

    • The fetchDocumentLoader() function now throws an error when the given domain name has any records referring to a private network address.
    • The getAuthenticatedDocumentLoader() function now returns a document loader that throws an error when the given domain name has any records referring to a private network address.
Assets 8
Loading
0 Join discussion