Tags: unclecode/crawl4ai

v0.8.9

Crawl4AI v0.8.9 - Docker server proxy SSRF patch

v0.8.8

Crawl4AI v0.8.8 - Docker server security patch

docker-rebuild-v0.8.9

security: patch proxy SSRF in Docker server (0.8.9)

0.8.8's SSRF check validated the crawl target URL but not the proxy address, so
an unauthenticated /crawl, /crawl/stream, or /crawl/job could route the browser
through a proxy pointing at an internal IP and reach internal services / cloud
metadata. Reported by Geo (geo-chen).

Fix (backward compatible): validate every proxy destination with the same
not-is_global check used for crawl URLs, before the browser is built -
browser_config.proxy, browser_config.proxy_config.server,
crawler_config.proxy_config.server - and strip proxy/DNS-redirecting flags
(--proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules)
from extra_args. A legitimate public proxy still works; configure proxies via
proxy_config (validated), not raw extra_args flags. _enforce_proxy_safety is
called in both crawl handlers (and covers /crawl/job transitively); HTTPException
passthrough added so the 400 is not masked as a 500.

Bump 0.8.8 -> 0.8.9 (__version__ + Dockerfile). 20 new tests; full security
suite 161 pass. Changelog, release blog, README, SECURITY-CREDITS updated.

This vector was already fixed in the upcoming secure-by-default release; 0.8.9
brings it forward because it is an unauthenticated SSRF.
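
As an added example (not the project's own `_enforce_proxy_safety`), this is how the proxy-destination check described in the commit above can be built: resolve the proxy host, require every address it maps to to pass the same not-is_global test used for crawl URLs, and drop the four redirecting Chromium flags from extra_args. The DNS table, the `table_resolver` helper standing in for socket.getaddrinfo, and 8.8.8.8 as a stand-in public proxy address are constructed for offline use.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Chromium flags named in the 0.8.9 commit; any of them redirects traffic or DNS
# around a check that is done only on the crawl URL.
PROXY_REDIRECT_FLAGS = frozenset({
    "--proxy-server", "--proxy-pac-url", "--proxy-bypass-list", "--host-resolver-rules",
})


def resolve_host(host, resolver=socket.getaddrinfo):
    """Every address a proxy host maps to; IP literals need no lookup."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(info[4][0]) for info in resolver(host, None)]


def proxy_is_safe(proxy_url, resolver=socket.getaddrinfo):
    """not-is_global test on the proxy destination, mirroring the crawl-URL check.
    Loopback, RFC 1918, link-local (169.254.169.254 metadata) and reserved ranges
    fail is_global; every resolved address must pass, so a name that mixes a
    public and an internal record is rejected as well."""
    parsed = urlparse(proxy_url if "://" in proxy_url else "http://" + proxy_url)
    if not parsed.hostname:
        return False
    try:
        addrs = resolve_host(parsed.hostname, resolver)
    except (socket.gaierror, ValueError, UnicodeError):
        return False
    return bool(addrs) and all(a.is_global for a in addrs)


def strip_proxy_flags(extra_args):
    """Drop both --flag and --flag=value forms of the redirecting flags."""
    return [a for a in extra_args if a.split("=", 1)[0] not in PROXY_REDIRECT_FLAGS]


def table_resolver(table):
    """Hypothetical offline stand-in for socket.getaddrinfo, built from a name->IPs table."""
    def resolve(host, port):
        if host not in table:
            raise socket.gaierror(f"constructed: {host} does not resolve")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0)) for ip in table[host]]
    return resolve


# Constructed DNS table; 8.8.8.8 stands in for a legitimate public proxy's address.
SAMPLE_DNS = table_resolver({"proxy.example.net": ["8.8.8.8"],
                             "proxy.corp.internal": ["10.1.2.3"],
                             "dual.example": ["8.8.8.8", "10.0.0.1"]})
```

Run the check against `browser_config.proxy`, `browser_config.proxy_config.server` and `crawler_config.proxy_config.server` before the browser is built, and reject the request with a 400 when it returns False.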

docker-rebuild-v0.8.8

security(credits): credit Geo (geo-chen) for 0.8.8 base_url exfil; update secsys_codex handle (FORIMOC)

v0.8.7

Crawl4AI v0.8.7 - security hardening release

docker-rebuild-v0.8.7

chore: gitignore .security/ - advisory payloads stay private, published via GHSA only

v0.8.6

fix: replace litellm with unclecode-litellm due to PyPI supply chain compromise

litellm 1.82.7-1.82.8 on PyPI were compromised with malicious code.
PyPI quarantined the entire package (all versions uninstallable).
Switched to unclecode-litellm==1.81.13, a pre-compromise fork published
under our own PyPI account. Drop-in replacement — all imports unchanged.

docker-rebuild-v0.8.6

fix: bump Dockerfile version to 0.8.6

docker-rebuild-v0.8.5

fix: pin redis-tools version to match redis-server in Dockerfile

v0.8.5

Release v0.8.5: Anti-Bot Detection, Shadow DOM & 60+ Bug Fixes

  - Anti-bot detection with 3-tier proxy escalation
  - Shadow DOM flattening
  - Deep crawl cancellation
  - Config defaults API
  - Consent popup removal (40+ CMP platforms)
  - Resource filtering (avoid_ads/avoid_css)
  - Browser recycling & memory-saving mode
  - GFM table compliance
  - Critical security fixes (RCE deserialization, Redis CVE-2025-49844)
  - 60+ bug fixes across browser, proxy, deep crawl, extraction, CLI, Docker
  - 291-test regression suite