Skip to content

v1.22.2
Compare
Choose a tag to compare
@tillprochaska tillprochaska released this 22 Apr 12:43
· 26 commits to main since this release
v1.22.2
This tag was signed with the committer’s verified signature.
stchris Christian Stefanescu
SSH Key Fingerprint: d6saNz+X1lhBCYQP+G45qW3LjsNnzVnlP8RILMEOzb0 Learn about vigilant mode.
252178b
This commit was signed with the committer’s verified signature.
stchris Christian Stefanescu
SSH Key Fingerprint: d6saNz+X1lhBCYQP+G45qW3LjsNnzVnlP8RILMEOzb0 Learn about vigilant mode.

⚠️ This release fixes a potential security vulnerability. We strongly encourage you to use this release and disregard previous ones. ⚠️

This release includes a fix for the archive functionality in servicelayer. Previously, the generate_url methods of the Google Cloud Storage archive adapter and the AWS S3 archive adapter were generating URLs instructing AWS S3 and Google Cloud Storage to send a Content-Disposition: inline header in the response.

When sending this header, most browsers will automatically open the file if the file’s MIME type is supported by the browser. This may not be desired in some cases, for example when downloading files from untrustworthy sources.

Starting with this version of servicelayer, the generated URLs will instead instruct AWS S3 and Google Cloud Storage to send a Content-Disposition: attachment header. Browsers won’t open files without user interaction if this header is set.

Assets 2
Loading