yt-dlp

mirror of https://github.com/yt-dlp/yt-dlp.git synced 2024-11-21 20:46:36 -05:00

History

Simon Sawicki ff07792676 [core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423) The shell escape function now properly escapes `%`, `\\` and `\n`. `utils.Popen` as well as `%q` output template expansion have been patched accordingly. Prior to this fix using `--exec` together with `%q` when on Windows could cause remote code to execute. See https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p for more details. Authored by: Grub4K		2024-04-09 18:36:13 +02:00
..
__pyinstaller	[rh:curlcffi] Add support for `curl_cffi`	2024-03-16 23:15:11 -05:00
compat	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	2024-04-09 18:36:13 +02:00
dependencies	[rh:curlcffi] Add support for `curl_cffi`	2024-03-16 23:15:11 -05:00
downloader	Add new option `--progress-delta` (#9082 )	2024-04-08 22:47:38 +02:00
extractor	[ie/jiosaavn] Support playlists (#9622 )	2024-04-07 20:55:46 +00:00
networking	[cleanup] Misc (#9426 )	2024-04-09 16:12:26 +00:00
postprocessor	[docs] Misc Cleanup (#8977 )	2024-03-11 00:48:47 +05:30
utils	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	2024-04-09 18:36:13 +02:00
__init__.py	Add new option `--progress-delta` (#9082 )	2024-04-08 22:47:38 +02:00
__main__.py	[docs] Misc Cleanup (#8977 )	2024-03-11 00:48:47 +05:30
aes.py
cache.py
cookies.py	[cookies] Add `--cookies-from-browser` support for Firefox Flatpak (#9619 )	2024-04-07 15:28:59 +00:00
jsinterp.py
minicurses.py
options.py	Add new option `--progress-delta` (#9082 )	2024-04-08 22:47:38 +02:00
plugins.py	[plugins] Handle `PermissionError` (#9229 )	2024-02-20 14:37:37 +05:30
socks.py
update.py	[cleanup] Misc (#9426 )	2024-04-09 16:12:26 +00:00
version.py	Release 2024.03.10	2024-03-10 19:40:56 +00:00
webvtt.py	[cleanup] Misc (#8968 )	2024-03-11 00:52:28 +05:30
YoutubeDL.py	[core] Prevent RCE when using `--exec` with `%q` (CVE-2024-22423)	2024-04-09 18:36:13 +02:00