youngkingdom/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-05-06 02:07:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): add input sanitization and path traversal protection

Browse Source 
- Sanitize config string values to prevent CRLF injection attacks
- Add get_safe_snapshot_path() helper to validate snapshot targets
- Block path traversal attempts in remove_snapshot and restore_snapshot endpoints
- Reject targets containing /, \, .., or null characters
This commit is contained in:
Dr.Lt.Data
2026-01-08 18:22:29 +09:00
parent 8d67702ab0
commit f4fa394e0f
3 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pyproject.toml
View File

@ -1,7 +1,7 @@
[project]
name = "comfyui-manager"
description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
version = "3.39.1"
version = "3.39.2"
license = { file = "LICENSE.txt" }
dependencies = ["GitPython", "PyGithub", "matrix-nio", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions", "toml", "uv", "chardet"]