chatwoot

mirror of https://github.com/chatwoot/chatwoot.git synced 2026-06-13 21:01:16 +08:00

History

Sony Mathew c8e551820b fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 ) This routes external downloads used by webhook fetch used by macros and acutomations through SafeFetch. It closes the SSRF exposure from raw Down.download paths, preserves provider-specific auth and header flows, and adds regression coverage for blocked internal URLs plus authenticated downloads. Fixes # (issue): [CW-6940](https://linear.app/chatwoot/issue/CW-6940/ssrf-via-webhooksautomationmacros-non-upload-non-avatar)	2026-04-27 20:30:59 +05:30
..
fetcher.rb	fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 )	2026-04-27 20:30:59 +05:30
request_options.rb	fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 )	2026-04-27 20:30:59 +05:30

fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 )

This routes external downloads used by webhook fetch used by macros and
acutomations through SafeFetch. It closes the SSRF exposure from raw
Down.download paths, preserves provider-specific auth and header flows,
and adds regression coverage for blocked internal URLs plus
authenticated downloads.

Fixes # (issue):
[CW-6940](https://linear.app/chatwoot/issue/CW-6940/ssrf-via-webhooksautomationmacros-non-upload-non-avatar)

2026-04-27 20:30:59 +05:30

fetcher.rb

fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 )

2026-04-27 20:30:59 +05:30

request_options.rb

fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155 )

2026-04-27 20:30:59 +05:30