mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-07-01 13:18:10 +00:00
- Add security.py module with DNS-resolving URL validation that blocks private/reserved IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, 0.0.0.0/32) and IPv6 equivalents
- Update FileUrl._validate_url() to use the new validate_url() function
- Disable follow_redirects in read()/aread() to prevent redirect-based SSRF
- Add CREWAI_FILES_ALLOW_UNSAFE_URLS env var escape hatch
- Add comprehensive tests for SSRF protection

Fixes #5843

Co-Authored-By: João <joao@crewai.com>