open-webui/open-terminal v0.11.11 on GitHub

🔒 Upload path traversal — /files/upload now resolves the directory parameter through fs.resolve_path() and sanitizes the uploaded filename with os.path.basename(), preventing path traversal attacks (e.g. ../../etc/passwd) that could escape the user's home directory in multi-user mode. The composed path is normalized with os.path.normpath() and validated by _check_path before writing. All other file endpoints already had these protections.