LocalAI

mirror of https://github.com/mudler/LocalAI synced 2026-04-21 21:37:21 +00:00

History

Kolega.dev 780877d1d0 security: validate URLs to prevent SSRF in content fetching endpoints (#8476 ) User-supplied URLs passed to GetContentURIAsBase64() and downloadFile() were fetched without validation, allowing SSRF attacks against internal services. Added URL validation that blocks private IPs, loopback, link-local, and cloud metadata endpoints before fetching. Co-authored-by: kolega.dev <faizan@kolega.ai>		2026-02-10 15:14:14 +01:00
..
base64.go	security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )	2026-02-10 15:14:14 +01:00
base64_test.go	fix: adapt test to error changes	2025-05-30 17:43:59 +02:00
ffmpeg.go	fix: do not pass by environ to ffmpeg (#5871 )	2025-07-21 14:35:33 +02:00
hash.go	feat: embedded model configurations, add popular model examples, refactoring (#1532 )	2024-01-05 23:16:33 +01:00
json.go	fix: do not break on newlines on function returns (#864 )	2023-08-04 21:46:36 +02:00
logging.go	chore(refactor): move logging to common package based on slog (#7668 )	2025-12-21 19:33:13 +01:00
path.go	feat: elevenlabs `sound-generation` api (#3355 )	2024-08-24 00:20:28 +00:00
strings.go	fix(gallery): do not attempt to delete duplicate files (#3031 )	2024-07-28 10:27:56 +02:00
untar.go	refactor: gallery inconsistencies (#2647 )	2024-06-24 17:32:12 +02:00
urlfetch.go	security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )	2026-02-10 15:14:14 +01:00
urlfetch_test.go	security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )	2026-02-10 15:14:14 +01:00
utils_suite_test.go	refactor: consolidate usage of GetURI (#674 )	2023-06-26 12:25:38 +02:00