{
"action": "add",
"when": "1ceb657bdd254ad961489e5060f2ccc7d556b729",
- "short": "[priority] Security: [[CVE-2023-35934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35934)] Fix [Cookie leak](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj)\n - `--add-header Cookie:` is deprecated and auto-scoped to input URL domains\n - Cookies are scoped when passed to external downloaders\n - Add `cookie` field to info.json and deprecate `http_headers.Cookie`"
+ "short": "[priority] Security: [[CVE-2023-35934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35934)] Fix [Cookie leak](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj)\n - `--add-header Cookie:` is deprecated and auto-scoped to input URL domains\n - Cookies are scoped when passed to external downloaders\n - Add `cookies` field to info.json and deprecate `http_headers.Cookie`"
+ },
+ {
+ "action": "change",
+ "when": "b03fa7834579a01cc5fba48c0e73488a16683d48",
+ "short": "[ie/twitter] Revert 92315c03774cfabb3a921884326beb4b981f786b",
+ "authors": ["pukkandan"]
+ },
+ {
+ "action": "change",
+ "when": "fcd6a76adc49d5cd8783985c7ce35384b72e545f",
+ "short": "[test] Add tests for socks proxies (#7908)",
+ "authors": ["coletdjnz"]
+ },
+ {
+ "action": "change",
+ "when": "4bf912282a34b58b6b35d8f7e6be535770c89c76",
+ "short": "[rh:urllib] Remove dot segments during URL normalization (#7662)",
+ "authors": ["coletdjnz"]
+ },
+ {
+ "action": "change",
+ "when": "59e92b1f1833440bb2190f847eb735cf0f90bc85",
+ "short": "[rh:urllib] Simplify gzip decoding (#7611)",
+ "authors": ["Grub4K"]
+ },
+ {
+ "action": "add",
+ "when": "c1d71d0d9f41db5e4306c86af232f5f6220a130b",
+ "short": "[priority] **The minimum *recommended* Python version has been raised to 3.8**\nSince Python 3.7 has reached end-of-life, support for it will be dropped soon. [Read more](https://github.com/yt-dlp/yt-dlp/issues/7803)"
+ },
+ {
+ "action": "add",
+ "when": "61bdf15fc7400601c3da1aa7a43917310a5bf391",
+ "short": "[priority] Security: [[CVE-2023-40581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40581)] [Prevent RCE when using `--exec` with `%q` on Windows](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg)\n - The shell escape function is now using `\"\"` instead of `\\\"`.\n - `utils.Popen` has been patched to properly quote commands."
+ },
+ {
+ "action": "change",
+ "when": "8a8b54523addf46dfd50ef599761a81bc22362e6",
+ "short": "[rh:requests] Add handler for `requests` HTTP library (#3668)\n\n\tAdds support for HTTPS proxies and persistent connections (keep-alive)",
+ "authors": ["bashonly", "coletdjnz", "Grub4K"]
+ },
+ {
+ "action": "add",
+ "when": "1d03633c5a1621b9f3a756f0a4f9dc61fab3aeaa",
+ "short": "[priority] **The release channels have been adjusted!**\n\t* [`master`](https://github.com/yt-dlp/yt-dlp-master-builds) builds are made after each push, containing the latest fixes (but also possibly bugs). This was previously the `nightly` channel.\n\t* [`nightly`](https://github.com/yt-dlp/yt-dlp-nightly-builds) builds are now made once a day, if there were any changes."
+ },
+ {
+ "action": "add",
+ "when": "f04b5bedad7b281bee9814686bba1762bae092eb",
+ "short": "[priority] Security: [[CVE-2023-46121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46121)] Patch [Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x)\n\t- Disallow smuggling of arbitrary `http_headers`; extractors now only use specific headers"
+ },
+ {
+ "action": "change",
+ "when": "15f22b4880b6b3f71f350c64d70976ae65b9f1ca",
+ "short": "[webvtt] Allow spaces before newlines for CueBlock (#7681)",
+ "authors": ["TSRBerry"]
+ },
+ {
+ "action": "change",
+ "when": "4ce57d3b873c2887814cbec03d029533e82f7db5",
+ "short": "[ie] Support multi-period MPD streams (#6654)",
+ "authors": ["alard", "pukkandan"]
+ },
+ {
+ "action": "change",
+ "when": "aa7e9ae4f48276bd5d0173966c77db9484f65a0a",
+ "short": "[ie/xvideos] Support new URL format (#9502)",
+ "authors": ["sta1us"]
+ },
+ {
+ "action": "remove",
+ "when": "22e4dfacb61f62dfbb3eb41b31c7b69ba1059b80"
+ },
+ {
+ "action": "change",
+ "when": "e3a3ed8a981d9395c4859b6ef56cd02bc3148db2",
+ "short": "[cleanup:ie] No `from` stdlib imports in extractors",
+ "authors": ["pukkandan"]
+ },
+ {
+ "action": "add",
+ "when": "9590cc6b4768e190183d7d071a6c78170889116a",
+ "short": "[priority] Security: [[CVE-2024-22423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22423)] [Prevent RCE when using `--exec` with `%q` on Windows](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p)\n - The shell escape function now properly escapes `%`, `\\` and `\\n`.\n - `utils.Popen` has been patched accordingly."
+ },
+ {
+ "action": "change",
+ "when": "41ba4a808b597a3afed78c89675a30deb6844450",
+ "short": "[ie/tiktok] Extract via mobile API only if extractor-arg is passed (#9938)",
+ "authors": ["bashonly"]
+ },
+ {
+ "action": "remove",
+ "when": "6e36d17f404556f0e3a43f441c477a71a91877d9"
+ },
+ {
+ "action": "change",
+ "when": "beaf832c7a9d57833f365ce18f6115b88071b296",
+ "short": "[ie/soundcloud] Add `formats` extractor-arg (#10004)",
+ "authors": ["bashonly", "Grub4K"]
+ },
+ {
+ "action": "change",
+ "when": "5c019f6328ad40d66561eac3c4de0b3cd070d0f6",
+ "short": "[cleanup] Misc (#9765)",
+ "authors": ["bashonly", "Grub4K", "seproDev"]
}
]
projects / yt-dlp.git / blobdiff