open-notebook/api
Luis Novo 70a466a640 fix: prevent RCE via SSTI, path traversal file write, and LFI file read
- Bump ai-prompter to >=0.4.0 which uses Jinja2 SandboxedEnvironment,
  preventing arbitrary code execution via user-provided transformation prompts
- Sanitize uploaded filenames with os.path.basename() and validate resolved
  path stays within upload directory to prevent path traversal
- Validate file_path in source creation is within UPLOADS_FOLDER to prevent
  arbitrary file read via Local File Inclusion
2026-04-09 11:58:16 -03:00
routers fix: prevent RCE via SSTI, path traversal file write, and LFI file read 2026-04-09 11:58:16 -03:00
__init__.py Api podcast migration (#93) 2025-07-17 08:36:11 -03:00
auth.py feat: credential-based API key management (#477) (#540) 2026-02-10 08:30:22 -03:00
chat_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
CLAUDE.md feat(podcasts): model registry integration, credential passthrough & new features (#632) 2026-02-27 11:06:47 -03:00
client.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
command_service.py Version 1 (#160) 2025-10-18 12:46:22 -03:00
context_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
credentials_service.py feat: add DashScope (Qwen) and MiniMax provider support 2026-04-06 10:54:37 -03:00
embedding_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
episode_profiles_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
insights_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
main.py feat(podcasts): model registry integration, credential passthrough & new features (#632) 2026-02-27 11:06:47 -03:00
models.py feat: expose embed command_id in note API responses (#545) 2026-02-14 18:11:23 -03:00
models_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
notebook_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
notes_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
podcast_api_service.py Version 1 (#160) 2025-10-18 12:46:22 -03:00
podcast_service.py refactor: reorganize folder structure for better maintainability 2026-01-03 14:04:27 -03:00
search_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
settings_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
sources_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00
transformations_service.py Feat/localization tests docker (#371) 2026-01-15 13:51:05 -03:00