mirror of
https://github.com/spotipy-dev/spotipy.git
synced 2026-04-26 08:05:55 +03:00
-
2.22.1 Stable
kerem released this
2023-01-23 22:00:55 +03:00 | 108 commits to master since this release📅 Originally published on GitHub: Mon, 23 Jan 2023 19:39:44 GMT
🏷️ Git tag created: Mon, 23 Jan 2023 19:00:55 GMTFixed
- CVE-2023-23608: fixed path traversal vulnerability that may lead to type confusion in URI handling code. Can prevent a potential XSS attack.
- Upgrade if your app is user-facing and it allows user inputs for any type of Spotify IDs/URIs/URLs that may be forwarded to the Spotify API. Thanks to @Shaderbug for finding and fixing this bug
github.com/spotipy-dev/spotipy@b1db0b63d9
- Upgrade if your app is user-facing and it allows user inputs for any type of Spotify IDs/URIs/URLs that may be forwarded to the Spotify API. Thanks to @Shaderbug for finding and fixing this bug
Changed
- Modified docstring for deprecated
playlist_add_items()to accept "only URIs or URLs", with intended fix for IDs in v3.- The bug still exists for developers dealing with episodes IDs rather than just track IDs. However it is recommended to use the new
playlist_add_tracks()orplaylist_add_episodes()if dealing with episodes or simply to avoid confusion. See https://github.com/spotipy-dev/spotipy/pull/919 by @oliveraw for context
- The bug still exists for developers dealing with episodes IDs rather than just track IDs. However it is recommended to use the new
Downloads
-
Source code (ZIP)
0 downloads
-
Source code (TAR.GZ)
0 downloads
- CVE-2023-23608: fixed path traversal vulnerability that may lead to type confusion in URI handling code. Can prevent a potential XSS attack.