Danny Avila c7f38d9621 🛡️ fix: Validate Avatar URL Before Fetch (#12928) ... `resizeAvatar` previously called `node-fetch` on any string input with no validation. When OIDC providers surface a user-controllable `picture` claim, this could be used to make blind SSRF requests to internal services on every social login. Wrap the URL fetch with: - An allowlist on the URL protocol (http/https only). - The shared `createSSRFSafeAgents` utility, which blocks resolution to private, loopback, and link-local IPs at TCP connect time (TOCTOU-safe; works equally for hostname targets that DNS-resolve privately and for IP-literal targets, since Node's `net.Socket` always dispatches through the agent's `lookup` hook). - `redirect: 'error'` so a public-IP redirect target cannot be used to bypass the agent check on a subsequent hop. - A 5-second total request budget (node-fetch v2's `timeout` covers request initiation through full body receipt, bounding slow-loris exposure rather than just the TCP connect). - A 10 MB response cap (`size` option + `Content-Length` pre-check + post-read length assertion) so a hostile payload cannot exhaust memory before `sharp()` rejects it. Fetch the canonicalized `parsed.href` rather than the raw input string to eliminate any future parser-differential between `new URL()` and the underlying fetch implementation. Per-call agent construction is intentional: the avatar path runs once per social login per user, so pooling adds complexity without a measurable benefit. Documented inline. Comprehensive test coverage in `avatar.spec.js`: - Rejects malformed URLs, non-http(s) schemes (file://, data:, javascript:). - Asserts the happy-path canonicalization (`fetch` is called with `parsed.href`) and the SSRF-safe agent factory routing (https→httpsAgent, http→httpAgent). - Rejects non-2xx HTTP status. - Rejects an oversized Content-Length before reading the body, and asserts `.buffer()` is never invoked in that case. - Rejects an oversized body even when the server lies about / omits Content-Length. - Surfaces ESSRF, redirect, and `size` overflow errors thrown by the fetch layer. - Confirms Buffer inputs bypass the fetcher entirely.		2026-05-04 11:16:40 +09:00
..
app	🧬 chore: Align LibreChat With Agents LangChain Upgrade (#12922)	2026-05-03 12:46:01 -04:00
cache	🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)	2026-03-19 21:48:03 -04:00
config	🔊 fix: Preserve Log Metadata on Console for Warn/Error Levels (#12737)	2026-04-19 21:49:41 -07:00
db	🐛 fix: Resolve MeiliSearch Startup Sync Failure from Model Loading Order (#12397)	2026-03-25 14:02:44 -04:00
models	🗑️ chore: Remove Action Test Suite and Update Mock Implementations (#12268)	2026-03-21 14:28:55 -04:00
server	🛡️ fix: Validate Avatar URL Before Fetch (#12928)	2026-05-04 11:16:40 +09:00
strategies	🔐 fix: Avoid Logging Password On Login Validation Error (#12926)	2026-05-03 21:27:41 -04:00
test	🌱 fix: Inject Code-Tool Files Into Graph Sessions on First Call (+ read_file Sandbox Fallback) (#12831)	2026-04-27 08:56:39 +09:00
utils	🧭 fix: Migrate Anthropic Long Context (#12911)	2026-05-02 22:14:19 +09:00
jest.config.js	📏 refactor: Add File Size Limits to Conversation Imports (#12221)	2026-03-14 03:06:29 -04:00
jsconfig.json
package.json	🧬 chore: Align LibreChat With Agents LangChain Upgrade (#12922)	2026-05-03 12:46:01 -04:00
typedefs.js	🧬 chore: Align LibreChat With Agents LangChain Upgrade (#12922)	2026-05-03 12:46:01 -04:00