fix: guard remote media fetches with SSRF checks

2026-06-29 13:02:10 +03:00 · 2026-02-02 04:04:27 -08:00
parent d842b28a15
commit 81c68f582d
11 changed files with 422 additions and 241 deletions
@@ -22,6 +22,7 @@ Docs: https://docs.openclaw.ai

 ### Fixes

+- Security: guard remote media fetches with SSRF protections (block private/localhost, DNS pinning).
 - Plugins: validate plugin/hook install paths and reject traversal-like names.
 - Telegram: add download timeouts for file fetches. (#6914) Thanks @hclsys.
 - Telegram: enforce thread specs for DM vs forum sends. (#6833) Thanks @obviyus.