security: multiple reported CVE fixes (#1515)

* update out of date license * update typing / refactor * fix arbitrarty path injection * use markdown sanatizer to prevent XSS CWE-79 * fix CWE-918 SSRF by validating url and mime type * add security docs * update recipe-scrapers * resolve DOS from arbitrary url * update changelog * bump version * add ref to #1506 * add #1511 to changelog * use requests decoder * actually fix encoding issue
2025-12-09 11:55:18 -05:00 · 2022-07-31 13:10:20 -08:00
parent 483f789b8e
commit 13850cda1f
23 changed files with 401 additions and 118 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,7 +3,7 @@ name = "mealie"
 version = "1.0.0b"
 description = "A Recipe Manager"
 authors = ["Hayden <hay-kot@pm.me>"]
-license = "MIT"
+license = "AGPL"

 [tool.poetry.scripts]
 start = "mealie.app:main"