github ulsklyc/yuvomi v0.68.1
on GitHub

4 hours ago

Security

  • Documents preview: hardened the new GET /api/v1/documents/:id/preview endpoint with defense-in-depth against stored XSS. It now enforces its own server-side allowlist of previewable MIME types (PDF, PNG, JPEG, WebP, plain text, CSV) and returns 415 for anything else, instead of serving any stored mime_type inline. Responses additionally carry X-Content-Type-Options: nosniff and a restrictive Content-Security-Policy (default-src 'none') so no inline content can execute scripts even if a file were ever misclassified. (Not exploitable in 0.68.0 — uploads already reject HTML/SVG — but this removes the implicit dependency on the upload allowlist.)
Check out latest releases or
releases around ulsklyc/yuvomi v0.68.1

Don't miss a new yuvomi release

NewReleases is sending notifications on new releases.

Get notifications