From 163fc9e3a31158b4be8ff25f98a1c905c6eb1afb Mon Sep 17 00:00:00 2001 From: Imamuzzaki Abu Salam Date: Fri, 14 Jun 2024 08:45:06 +0700 Subject: [PATCH 1/5] fix someone forgot to update license year to 2024 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 542e91f4e77..c979e90c048 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2023 Zhang Yifei +Copyright (c) 2024 Zhang Yifei Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 9b0a7050556bed8d0289aeb9686299c1608b5f3f Mon Sep 17 00:00:00 2001 From: Imamuzzaki Abu Salam Date: Fri, 14 Jun 2024 09:19:38 +0700 Subject: [PATCH 2/5] Update LICENSE --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index c979e90c048..047f9431e7d 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Zhang Yifei +Copyright (c) 2023-2024 Zhang Yifei Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 4640060891c85b6619cdaf7b7ee4c0cfc4404170 Mon Sep 17 00:00:00 2001 From: hengstchon Date: Fri, 21 Jun 2024 12:05:28 +0200 Subject: [PATCH 3/5] feat: support model: claude-3-5-sonnet-20240620 --- app/constant.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/app/constant.ts b/app/constant.ts index 411e481508d..1ccb1aeb272 100644 --- a/app/constant.ts +++ b/app/constant.ts @@ -166,6 +166,7 @@ const anthropicModels = [ "claude-3-sonnet-20240229", "claude-3-opus-20240229", "claude-3-haiku-20240307", + "claude-3-5-sonnet-20240620", ]; export const DEFAULT_MODELS = [ From 9fb8fbcc65c29c74473a13715c05725e2b49065d Mon Sep 17 00:00:00 2001 From: Fred Date: Mon, 24 Jun 2024 14:31:50 +0800 Subject: [PATCH 4/5] fix: validate the url to avoid SSRF --- app/api/webdav/[...path]/route.ts | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/app/api/webdav/[...path]/route.ts b/app/api/webdav/[...path]/route.ts index 816c2046b22..01286fc1bf9 100644 --- a/app/api/webdav/[...path]/route.ts +++ b/app/api/webdav/[...path]/route.ts @@ -9,6 +9,14 @@ const mergedAllowedWebDavEndpoints = [ ...config.allowedWebDevEndpoints, ].filter((domain) => Boolean(domain.trim())); +const normalizeUrl = (url: string) => { + try { + return new URL(url); + } catch (err) { + return null; + } +}; + async function handle( req: NextRequest, { params }: { params: { path: string[] } }, @@ -24,9 +32,15 @@ async function handle( // Validate the endpoint to prevent potential SSRF attacks if ( - !mergedAllowedWebDavEndpoints.some( - (allowedEndpoint) => endpoint?.startsWith(allowedEndpoint), - ) + !endpoint || + !mergedAllowedWebDavEndpoints.some((allowedEndpoint) => { + const normalizedAllowedEndpoint = normalizeUrl(allowedEndpoint); + const normalizedEndpoint = normalizeUrl(endpoint as string); + + return normalizedEndpoint && + normalizedEndpoint.hostname === normalizedAllowedEndpoint?.hostname && + normalizedEndpoint.pathname.startsWith(normalizedAllowedEndpoint.pathname); + }) ) { return NextResponse.json( { From b972a0d0817e612fe2a1cba398c338bcec7573e6 Mon Sep 17 00:00:00 2001 From: Fred Date: Mon, 24 Jun 2024 14:45:45 +0800 Subject: [PATCH 5/5] feat: bump version --- src-tauri/tauri.conf.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index ee87d8d1540..6230ba41fac 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -9,7 +9,7 @@ }, "package": { "productName": "NextChat", - "version": "2.12.3" + "version": "2.12.4" }, "tauri": { "allowlist": { @@ -112,4 +112,4 @@ } ] } -} +} \ No newline at end of file