Security
- Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. The fix prevents malicious filenames from writing files outside the target directory, a risk that is especially critical for Windows users.
- Added automatic filename sanitization with platform-specific rules.
- Added path resolution checks to block directory traversal attacks.
- Introduced warnings when filenames are sanitized to maintain user awareness.
Please see the security advisory for more details.
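The two mitigations listed above, per-component sanitization followed by a path resolution check, can be combined as in the following added example. It is not the project's own code: the function names, the `windows` switch and the Windows rule set are assumptions made for illustration.

```python
import os
import re
import warnings
from pathlib import Path

# Assumed rule set for this example: characters Windows rejects in a file name,
# plus the backslash, which Windows treats as a path separator.
WINDOWS_INVALID = re.compile(r'[<>:"|?*\\\x00-\x1f]')
WINDOWS_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


def sanitize_component(name, windows=(os.name == "nt")):
    """Return one safe path component; warn when the name had to change."""
    clean = name.replace("/", "_").replace("\x00", "_")
    if windows:
        clean = WINDOWS_INVALID.sub("_", clean).rstrip(" .")
        if clean.split(".")[0].upper() in WINDOWS_RESERVED:
            clean = "_" + clean
    if clean in ("", ".", ".."):
        clean = "_"
    if clean != name:
        warnings.warn(f"filename sanitized: {name!r} -> {clean!r}")
    return clean


def safe_target(dest_dir, remote_name, windows=(os.name == "nt")):
    """Map an untrusted remote file name to a path that stays under dest_dir."""
    base = Path(dest_dir).resolve()
    # Keep legitimate subdirectories, but sanitize every component separately.
    parts = [sanitize_component(p, windows) for p in remote_name.split("/") if p]
    if not parts:
        raise ValueError(f"empty file name: {remote_name!r}")
    target = base.joinpath(*parts).resolve()
    # Resolution check: catches what sanitization cannot see, such as a
    # symlink inside dest_dir that points elsewhere.
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"{remote_name!r} resolves outside {base}") from None
    return target


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for sample in ("../../etc/passwd", "..\\..\\Windows\\evil.dll", "CON.txt"):
        print(sample, "->", safe_target("downloads", sample, windows=True))
```

With `windows=False` the backslash name is left as a single literal component, because a backslash is not a separator on POSIX systems; under the Windows rules it is rewritten.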
Bugfixes
- Fixed bug in JSON parsing for ia upload --file-metadata ....