Skip to content
Compare
Choose a tag to compare

3.0.3

Latest
@Rudloff Rudloff released this
· 6 commits to master since this release
Compare
Choose a tag to compare

This release fixes a vulnerability that could be used to trigger either an open redirect attack or a Server-Side Request Forgery attack (see GHSA-75p7-527p-w8wp).

The fix requires applying a patch to youtube-dl to disable its generic extractor. If you are using the version of youtube-dl bundled with 3.0.3, it is already patched.
However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.