Skip to content

v0.15.5
Compare
Choose a tag to compare
@laipz8200 laipz8200 released this 24 Mar 09:06
· 836 commits to main since this release
0.15.5
8e75eb5
This commit was signed with the committer’s verified signature.
laipz8200 -LAN-
GPG key ID: 6BA0D108DED011FF
Verified
Learn about vigilant mode.

🔒 Security Patch in v0.15.5

Hey everyone, this version bumps us up to v0.15.5, and it focuses on tightening security:

🔐 Important Fix

  • Sandbox Code Injection: Upgrade Dify Sandbox to avoid the code injection. We strongly recommend that all users currently using versions below 0.15.5 update to this version, or you can only update the sandbox.
  • XSS Vulnerability: Sanitize SVG to prevent XSS attacks by @iamjoel in #16608.

What this means: We've updated our SVG handling to ensure that potentially malicious scripts can't take advantage of your interaction with our SVG elements. This patch fortifies our platform against cross-site scripting vulnerabilities, making sure your application usage remains safe and secure.

Stay secure, and happy coding! 🚀

What's Changed

Full Changelog: 0.15.4...0.15.5

Contributors

iamjoel
Assets 2
Loading
1 Join discussion