Skip to content

Version 5.5.1

Choose a tag to compare

View all tags
@jjjake jjjake released this 05 Sep 18:34
· 116 commits to master since this release
v5.5.1
73141db

Security

  • Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. This prevents malicious filenames from writing files outside the target directory, a risk especially critical for Windows users.
  • Added automatic filename sanitization with platform-specific rules.
  • Added path resolution checks to block directory traversal attacks.
  • Introduced warnings when filenames are sanitized to maintain user awareness.

Please see the security advisory for more details.

Bugfixes

  • Fixed bug in JSON parsing for ia upload --file-metadata ....
Assets 2
Loading