v2.5.5-hotfix — CodeQL Path Validation Fix Pre-release
Released 2026-05-13 00:01:38 +02:00 (tag v2.5.5-hotfix)
Hotfix for v2.5.5-dev addressing CodeQL Critical and High severity alerts.
Fixes
- PluginLoaderService: validate jarPath is within pluginsDir using normalize() + startsWith()
- PluginLoaderService: construct file:// URL from validated path, check startsWith("file://") before new URL() — fixes SSRF alert #10
- PluginStorageService: added normalize() + startsWith(stagingDir) check in stageJar() — fixes path-injection alert #8
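The three fixes above all rely on the same pattern: normalize the untrusted path, check it against the allowed directory, then build the file URL from the checked value. The Java below is an added example written for this release note, not the project's code; `PluginPathCheck`, `resolveWithin`, `jarUrl` and the `/opt/app/plugins` directory are hypothetical names. It contrasts a string `startsWith` check with `java.nio.file.Path.startsWith`, which compares whole name elements, and derives the `file:` URL from the validated `Path` so no scheme string check is needed.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added example, not the project's code. All names are hypothetical. */
public final class PluginPathCheck {

    /**
     * Returns the absolute, normalized path for {@code untrusted} if it lies
     * strictly inside {@code baseDir}; throws otherwise.
     */
    public static Path resolveWithin(Path baseDir, String untrusted) {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns an absolute untrusted path unchanged, so "/etc/passwd"
        // reaches the containment check instead of being silently joined.
        Path candidate = base.resolve(untrusted).toAbsolutePath().normalize();
        // Path.startsWith compares name elements: /opt/app/plugins is NOT a
        // prefix of /opt/app/plugins-evil/x.jar, unlike String.startsWith.
        // equals(base) rejects "" and "." which would resolve to the dir itself.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IllegalArgumentException("path escapes " + base + ": " + untrusted);
        }
        return candidate;
    }

    /** Build the jar URL from the validated Path, never by string concatenation. */
    public static URL jarUrl(Path validated) throws MalformedURLException {
        // toUri() always yields the file: scheme with proper percent-escaping,
        // so a separate startsWith("file://") check is unnecessary here.
        return validated.toUri().toURL();
    }

    /** String-prefix check, shown only to demonstrate the sibling-directory bypass. */
    public static boolean naiveStringCheck(Path baseDir, String untrusted) {
        String base = baseDir.toAbsolutePath().normalize().toString();
        String cand = baseDir.resolve(untrusted).toAbsolutePath().normalize().toString();
        return cand.startsWith(base);
    }

    public static void main(String[] args) throws Exception {
        Path plugins = Paths.get("/opt/app/plugins"); // hypothetical pluginsDir
        String[] inputs = {               // constructed sample inputs
            "good.jar",                   // accepted by both
            "sub/../good.jar",            // accepted by both after normalize()
            "../../etc/passwd",           // rejected by both
            "/opt/app/plugins-evil/x.jar" // accepted by the string check only
        };
        for (String in : inputs) {
            boolean naive = naiveStringCheck(plugins, in);
            String strict;
            try {
                strict = jarUrl(resolveWithin(plugins, in)).toString();
            } catch (IllegalArgumentException e) {
                strict = "REJECTED";
            }
            System.out.printf("%-30s naive=%-5s strict=%s%n", in, naive, strict);
        }
    }
}
```

Two caveats for anyone porting this: `normalize()` is purely lexical and does not follow symlinks, so if the plugins or staging directory may contain links, call `toRealPath()` on the candidate (which requires the file to exist) before the containment check; and if the code still uses `String.startsWith`, compare against the directory string with a trailing `File.separator` appended so sibling directories sharing the prefix are not accepted.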
Workflow Status
- ✅ Compose Smoke Test
- ✅ CodeQL (re-scan pending)
Downloads
- Source code (ZIP)
- Source code (TAR.GZ)