release notes
Published 11/29/2025
Safe upgrade
#14889 4bceeb0 Thanks @florian-lefebvre! - Fixes actions types when using specific TypeScript configurations
#14929 e0f277d Thanks @matthewp! - Fixes authentication bypass via double URL encoding in middleware
Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.
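The check described above, sketched as an added example (not the project's own code): a path guard that decodes once and trusts the result, beside one that rejects any pathname still carrying percent-encoding after decoding. The `/admin` prefix, the function names and the status codes are assumptions made for illustration.

```javascript
// Added illustration, not the framework's implementation; all names are hypothetical.
const PROTECTED_PREFIXES = ['/admin']; // assumed route layout
const ENCODED_OCTET = /%[0-9a-fA-F]{2}/;

function isProtected(pathname) {
  return PROTECTED_PREFIXES.some(
    (prefix) => pathname === prefix || pathname.startsWith(prefix + '/')
  );
}

// Weak form: decodes once and trusts the result. '/%2561dmin' becomes
// '/%61dmin', which does not match '/admin', so it is treated as public even
// though one more decode further down the stack would yield '/admin'.
function naiveIsProtected(rawPathname) {
  return isProtected(decodeURIComponent(rawPathname));
}

// Hardened form: decode once, then reject the request if any percent-encoded
// octet is still present in the decoded pathname.
function validatePathname(rawPathname) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPathname);
  } catch {
    return { ok: false, reason: 'malformed-encoding' };
  }
  if (ENCODED_OCTET.test(decoded)) {
    return { ok: false, reason: 'residual-encoding' };
  }
  return { ok: true, pathname: decoded };
}

function authorize(rawPathname, isAuthenticated) {
  const checked = validatePathname(rawPathname);
  if (!checked.ok) return { status: 400, reason: checked.reason };
  if (isProtected(checked.pathname) && !isAuthenticated) {
    return { status: 401, reason: 'login-required' };
  }
  return { status: 200, pathname: checked.pathname };
}
```

A strict check of this kind also rejects a legitimate path whose decoded form contains a literal `%` followed by two hex digits; a lone `%` (from `%25`) still passes.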