- fixed recipes marked as private could be viewed through API utility endpoints GHSA-cqj3-64qw-4w52
- fixed recipe search and recipe book API endpoints accepting any order by attribute GHSA-4x57-2q4q-xwpp
- fixed regex DoS possibility in automation engine GHSA-f2gw-c2c7-59v7
- fixed AI Providers could be configured with malicious URLs to allow SSRF GHSA-wq4h-2r8x-cv65
  - ⚠️ if you are using custom AI backends you need to add them to the new AI_ALLOWED_URLS setting (see https://docs.tandoor.dev/system/configuration/#ai-integration)
- fixed bookmarklets of other users in your own space could be accessed/deleted GHSA-4vw7-c646-g23w
- updated lots of dependencies
- updated translations for various languages