LibreChat

mirror of https://github.com/danny-avila/LibreChat.git synced 2026-05-13 16:07:30 +00:00

History

Danny Avila 37429e8a3e 🚦 feat: Make URL Auto-Submit Configurable (#12929 ) `/c/new?prompt=…&submit=true` previously auto-submitted the prompt unconditionally. For deployments where users may receive crafted links from external sources, an authenticated victim's click can trigger an immediate, attacker-controlled prompt against a memory- or tool-enabled model — providing a 1-click vector for prompt-injection exfiltration via markdown image rendering. Add `interface.autoSubmitFromUrl` (default `true` to preserve current behavior). Operators handling sensitive memory/tool data can set it to `false` so URL-supplied prompts only pre-fill the composer; the user must press Send explicitly.		2026-05-04 11:17:19 +09:00
..
public	🎨 chore: Update Agent Tool with new SVG assets (#12065 )	2026-03-04 09:28:19 -05:00
scripts
src	🚦 feat: Make URL Auto-Submit Configurable (#12929 )	2026-05-04 11:17:19 +09:00
test	🧑‍🎨 refactor: Prompts/Sidebar styles for improved UI Consistency (#12426 )	2026-04-09 00:02:31 -04:00
babel.config.cjs	🧑‍🎨 refactor: Prompts/Sidebar styles for improved UI Consistency (#12426 )	2026-04-09 00:02:31 -04:00
check_updates.sh
index.html
jest.config.cjs	✨ v0.8.5 (#12727 )	2026-04-22 13:10:19 -07:00
nginx.conf	📬 docs: Add Forwarded Headers to Nginx SSL Proxy Template (#12379 )	2026-03-25 13:04:19 -04:00
package.json	📜 feat: Skills UI + Initial E2E CRUD / Sharing (#12580 )	2026-04-25 04:02:00 -04:00
postcss.config.cjs
tailwind.config.cjs	♿ style(MCP): Enhance dialog accessibility and styling consistency (#11585 )	2026-02-11 22:08:40 -05:00
tsconfig.json	📦 chore: Update TypeScript Config for TS v7 (#12794 )	2026-04-23 12:51:03 -04:00
vite.config.ts	📜 feat: Skills UI + Initial E2E CRUD / Sharing (#12580 )	2026-04-25 04:02:00 -04:00