LocalAI/core/http
Kolega.dev 780877d1d0
security: validate URLs to prevent SSRF in content fetching endpoints (#8476)
User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>
2026-02-10 15:14:14 +01:00
endpoints security: validate URLs to prevent SSRF in content fetching endpoints (#8476) 2026-02-10 15:14:14 +01:00
middleware feat: add VoxCPM tts backend (#8109) 2026-01-28 14:44:04 +01:00
routes feat(musicgen): add ace-step and UI interface (#8396) 2026-02-05 12:04:53 +01:00
static feat(musicgen): add ace-step and UI interface (#8396) 2026-02-05 12:04:53 +01:00
views feat(musicgen): add ace-step and UI interface (#8396) 2026-02-05 12:04:53 +01:00
app.go feat(api): add support for open responses specification (#8063) 2026-01-17 22:11:47 +01:00
app_test.go chore(tests): add audio/wav to expected wav file 2026-02-05 20:27:06 +00:00
explorer.go chore(refactor): move logging to common package based on slog (#7668) 2025-12-21 19:33:13 +01:00
http_suite_test.go feat(api): add support for open responses specification (#8063) 2026-01-17 22:11:47 +01:00
openresponses_test.go feat(api): add support for open responses specification (#8063) 2026-01-17 22:11:47 +01:00
render.go feat: migrate to echo and enable cancellation of non-streaming requests (#7270) 2025-11-14 22:57:53 +01:00