security: multiple reported CVE fixes (#1515)

* update out of date license * update typing / refactor * fix arbitrarty path injection * use markdown sanatizer to prevent XSS CWE-79 * fix CWE-918 SSRF by validating url and mime type * add security docs * update recipe-scrapers * resolve DOS from arbitrary url * update changelog * bump version * add ref to #1506 * add #1511 to changelog * use requests decoder * actually fix encoding issue
2025-10-31 02:03:35 -04:00 · 2022-07-31 13:10:20 -08:00
parent 483f789b8e
commit 13850cda1f
23 changed files with 401 additions and 118 deletions
--- a/docs/docs/documentation/getting-started/installation/postgres.md
+++ b/docs/docs/documentation/getting-started/installation/postgres.md
@@ -10,7 +10,7 @@
 version: "3.7"
 services:
  mealie-frontend:
-    image: hkotel/mealie:frontend-v1.0.0beta-3
+    image: hkotel/mealie:frontend-v1.0.0beta-4
    container_name: mealie-frontend
    depends_on:
      - mealie-api
@@ -23,7 +23,7 @@ services:
    volumes:
      - mealie-data:/app/data/ # (3)
  mealie-api:
-    image: hkotel/mealie:api-v1.0.0beta-3
+    image: hkotel/mealie:api-v1.0.0beta-4
    container_name: mealie-api
    depends_on:
      - postgres
--- a/docs/docs/documentation/getting-started/installation/sqlite.md
+++ b/docs/docs/documentation/getting-started/installation/sqlite.md
@@ -12,7 +12,7 @@ SQLite is a popular, open source, self-contained, zero-configuration database th
 version: "3.7"
 services:
  mealie-frontend:
-    image: hkotel/mealie:frontend-v1.0.0beta-3
+    image: hkotel/mealie:frontend-v1.0.0beta-4
    container_name: mealie-frontend
    environment:
    # Set Frontend ENV Variables Here
@@ -23,7 +23,7 @@ services:
    volumes:
      - mealie-data:/app/data/ # (3)
  mealie-api:
-    image: hkotel/mealie:api-v1.0.0beta-3
+    image: hkotel/mealie:api-v1.0.0beta-4
    container_name: mealie-api
    volumes:
      - mealie-data:/app/data/