ComfyUI/app
fragmede b8a0408c65
Fix critical security vulnerabilities in model downloader
- Add path traversal protection in simple_downloader.py
- Sanitize model_type and filename inputs to prevent directory escapes
- Validate file extensions against allowed list
- Restrict model types to whitelisted folders only
- Add URL validation to require HTTPS
- Block SSRF attacks by preventing local/private network downloads
- Add input validation in server.py endpoint
- Ensure all file paths remain within models directory

These changes prevent attackers from:
- Writing files outside the models directory
- Accessing sensitive files via path traversal
- Making requests to internal services (SSRF)
- Executing arbitrary code via malicious filenames

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-27 06:08:32 -07:00
database Add support for sqlite database (#8444) 2025-06-11 16:43:39 -04:00
__init__.py Add FrontendManager to manage non-default front-end impl (#3897) 2024-07-16 11:26:11 -04:00
app_settings.py Update frontend to v1.25.10 and revert navigation mode override (#9522) 2025-08-23 17:54:01 -04:00
custom_node_manager.py This should not be a warning. (#7946) 2025-05-05 07:49:07 -04:00
frontend_management.py Add workflow templates version tracking to system_stats (#9089) 2025-09-26 21:29:13 -07:00
logger.py Repeat frontend version warning at the end. 2025-03-12 07:13:40 -04:00
model_manager.py API for Recently Used Items (#8792) 2025-08-01 22:02:06 -04:00
simple_downloader.py Fix critical security vulnerabilities in model downloader 2025-09-27 06:08:32 -07:00
user_manager.py fix(userdata): catch invalid workflow filenames (#9434) (#9445) 2025-08-20 22:27:57 -04:00