admin777/new-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,641 Commits 3 Branches 660 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
CaIon
20399d3c8f fix: harden SSRF protection for unauthenticated and user-level endpoints 
- Add ValidateURLWithFetchSetting check before fetching MJ image URLs
  in RelayMidjourneyImage (unauthenticated endpoint)
- Add ValidateURLWithFetchSetting check before fetching video URLs
  in VideoProxy (upstream-controlled URL)
- Enable ApplyIPFilterForDomain by default to prevent DNS rebinding
  bypass of SSRF protection
- Elevate FetchModels endpoint from AdminAuth to RootAuth
- Update frontend: mark domain IP filtering as recommended, update
  description and i18n translations (zh-CN/zh-TW/en/fr/ja/ru/vi)
 2026-03-31 17:57:47 +08:00
Seefs
5010f2d004 format: package name -> github.com/QuantumNous/new-api (#2017) 2025-10-11 15:30:09 +08:00
CaIon
0008d2e3a0 feat: add experimental IP filtering for domains and update related settings 2025-09-18 13:40:52 +08:00
creamlike1024
82163b4be7 feat: 添加域名启用ip过滤开关 2025-09-17 23:46:04 +08:00
creamlike1024
cc9a559b75 feat: 添加域名和ip过滤模式设置 2025-09-16 22:40:40 +08:00
CaIon
c3f5478593 feat: implement SSRF protection settings and update related references 2025-09-13 18:15:03 +08:00