github vercel/ai @ai-sdk/prodia@2.0.0-canary.51
on GitHub

latest releases: ai@6.0.202, @ai-sdk/workflow@1.0.0-canary.88, @ai-sdk/vue@4.0.0-canary.171...
pre-release18 hours ago

Patch Changes

  • 6e8917f: fix(prodia): validate user-supplied image URLs before fetching (SSRF)

    The Prodia video model's resolveVideoFileData fetched a user-supplied image URL directly with fetch(), bypassing the SDK's SSRF guard. An attacker who could supply the image URL could make the server request internal endpoints (e.g. cloud metadata) and have the response uploaded to Prodia's API. The URL is now downloaded via downloadBlob, which routes through validateDownloadUrl and rejects private/internal addresses, matching the pattern used by other providers.

  • Updated dependencies [bae5e2b]

    • @ai-sdk/provider-utils@5.0.0-canary.47
Check out latest releases or
releases around vercel/ai @ai-sdk/prodia@2.0.0-canary.51

Don't miss a new ai release

NewReleases is sending notifications on new releases.

Get notifications