Skip to content
This repository has been archived by the owner on Apr 22, 2023. It is now read-only.

3.0.2

Compare
Choose a tag to compare
@Rudloff Rudloff released this 27 Feb 12:05
· 88 commits to master since this release

This release fixes a Server-Side Request Forgery vulnerability that could be used to send a request to an internal hostname (see GHSA-r5hc-wm3g-hjw6).

Part of the fix requires applying a patch to youtube-dl to prevent it from following HTTP redirects. If you are using the version of youtube-dl bundled with 3.0.2, it is already patched.
However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.