CodeCow/chatwoot
1
0
Fork 0
mirror of https://github.com/chatwoot/chatwoot.git synced 2026-06-04 21:02:35 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
develop
chatwoot/spec/jobs/avatar
History
Sony Mathew 661608c0b1
fix: [CW-6931] Harden external downloads against SSRF [avatar from url job] (#14153) 
This routes external downloads used by avatar sync through SafeFetch. It closes the SSRF exposure from raw Down.download paths, preserves provider-specific auth and header flows, and adds regression coverage
for blocked internal URLs plus authenticated downloads.
Fixes # (issue): [CW-6931](https://linear.app/chatwoot/issue/CW-6931/avatarwidget-url-ssrf-downdownload-unprotected-unauth)
2026-04-24 18:59:45 +05:30
..
avatar_from_gravatar_job_spec.rb fix: Disable enqueueing Avatar jobs if the URL is invalid (#12035) 2025-07-24 12:56:39 +04:00
avatar_from_url_job_spec.rb fix: [CW-6931] Harden external downloads against SSRF [avatar from url job] (#14153) 2026-04-24 18:59:45 +05:30