github danielmiessler/Fabric v1.4.431

12 hours ago

Changes

PR #2049 by ksylvan: Security Hardening: API Key Redaction, Path Traversal Prevention, and Shell Injection Elimination

  • Fix: Redact API keys in config responses and eliminate shell injection surfaces.
  • Added maskAPIKey to redact all but the last 4 characters of API keys, mitigating sensitive data exposure (CWE-200).
  • Masked all provider API keys in the GET /config response payload to prevent accidental credential leakage.
  • Replaced exec/shell commands in the Obsidian route with native fs APIs, fully eliminating shell injection vectors (CWE-78).
  • Added path-confinement validation ensuring resolved file paths remain within their intended target directories, blocking path traversal attacks (CWE-22).
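The path-confinement and key-masking items above, sketched in Go (Fabric's main language). This is an added example, not the code from PR #2049: `confinePath`, `ErrOutsideBase`, the `/srv/vault` base directory and the sample inputs are assumptions, and `maskAPIKey` is reimplemented from the one-line description above.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path resolves outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// confinePath (hypothetical helper) joins an untrusted name onto baseDir and
// returns the cleaned absolute path only if it still lies inside baseDir.
func confinePath(baseDir, untrusted string) (string, error) {
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "a/../../b" collapses before the check.
	target := filepath.Join(base, untrusted)
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	// Compare path components, not string prefixes: "/srv/vault-old" starts
	// with "/srv/vault" as a string but is a sibling directory.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

// maskAPIKey (reimplemented from the description above) keeps the last 4
// characters; fully masking keys of 4 or fewer characters is an assumption.
func maskAPIKey(key string) string {
	if len(key) <= 4 {
		return strings.Repeat("*", len(key))
	}
	return strings.Repeat("*", len(key)-4) + key[len(key)-4:]
}

func main() {
	// Constructed sample inputs; /srv/vault is a made-up base directory.
	for _, name := range []string{"notes/today.md", "../vault-old/x.md", "a/../../etc/passwd"} {
		p, err := confinePath("/srv/vault", name)
		fmt.Printf("%-22q -> %q, %v\n", name, p, err)
	}
	fmt.Println(maskAPIKey("sk-constructed-key-1234"))
}
```

The check is lexical only: if the base directory can contain symlinks, resolve them (for example with `filepath.EvalSymlinks`) before comparing.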
