v0.13.0
Fixed Security Incident
This release contains a fix for a vulnerability, which allowed attackers to get secret API keys.
| Affected | Description | Severity | Vulnerability Type | Fixed in |
|---|---|---|---|---|
| ≤ 0.12.0 | Leak secret tokens by changing baseURL. Read more |
High (7.5) | CWE-840: Business Logic Errors | 0.13.0 |
Changes
🚨 Breaking Changes
- Strict dynamic backend urls - by @johannschopplich (48187)
🐞 Bug Fixes
- server: Throw if path is absolute url - by @johannschopplich (40239)
View changes on GitHub
Contributors
johannschopplich