Highly recommended to upgrade to this release. A command injection vulnerability was discovered on the public upload endpoint and has been fixed in this release.
Bug Fixes
- Tightened folder name validation across all upload endpoints to reject names containing spaces, slashes, or parent directory traversal sequences. White spaces are replaced with hyphens for cleaner filename sanitization.
- Fixed image uploads losing their original creation date. EXIF DateTimeOriginal is now read first, with fallback to filename date patterns then file modification time
- Fixed a crash in create_posters when a video has no duration metadata