If you run a PeerTube instance and it is publicly accessible, you should update to the latest 7.1.1 release as soon as possible, as it contains a number of security improvements.
Here is an excerpt from the changelog:
- High severity Fix DoS and blind SSRF on ActivityPub playlist creation CVE-2025-32948
- High severity Prevent infinite loop DoS when crawling ActivityPub data CVE-2025-32947
- Medium severity Prevent an attacker from adding playlists to another user’s channel using the ActivityPub CVE-2025-32946
- Medium severity Prevent an attacker from adding playlists to another user’s channel using the REST API CVE-2025-32945
- Medium severity Add protection against ZIP bomb on user import CVE-2025-32949
- Medium severity Prevent crash on user import with a ZIP containing an illegal filename CVE-2025-32944
- Low severity Do not leak private HLS playlists (.m3u8 files) CVE-2025-32943
Read the full changelog