This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
3.0.2
This release fixes a Server-Side Request Forgery vulnerability that could be used to send a request to an internal hostname (see GHSA-r5hc-wm3g-hjw6).
Part of the fix requires applying a patch to youtube-dl to prevent it from following HTTP redirects. If you are using the version of youtube-dl bundled with 3.0.2, it is already patched.
However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.