Commit Graph

3 Commits

Author SHA1 Message Date
HackWeasel
dc884df271 fix: remove SSRF protection for Community Edition local deployments
Community Edition runs entirely locally, so SSRF protection against
private IPs is unnecessary and blocks legitimate use cases like:
- Ollama on localhost:11434
- vLLM on 192.168.x.x
- Other local model servers

Enterprise Edition should re-enable SSRF protection for multi-tenant
cloud deployments where it provides security value.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-15 16:18:24 -05:00

HackWeasel
676d48ea1f fix: allow Docker networking hostnames in SSRF check for local Ollama
The SSRF protection was blocking endpoint tests for Ollama because
host.docker.internal and ollama-host resolve to private IPs.

These Docker networking hostnames are now allowlisted:
- host.docker.internal (Docker's standard for reaching host)
- ollama-host (custom alias defined in docker-compose)
- gateway.docker.internal (Docker gateway)

This enables Community Edition users to test local Ollama endpoints
while maintaining SSRF protection against other private IP access.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-15 16:12:28 -05:00

HackWeasel
b9dfb86260 GT AI OS Community Edition v2.0.33
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00