Security1.43.1
Security fix for authenticated SSRF vulnerability
This release addresses an authenticated SSRF vulnerability in Meilisearch. Self-hosting users who allow third parties to configure instances should upgrade, though no exploitation has been detected on Meilisearch Cloud.
Meilisearch v1.43.1 contains a security fix for an authenticated SSRF vulnerability.
No exploitation was found on Meilisearch Cloud. Cloud users are not required to update.
We recommend that self-hosting users upgrade if they allow third parties to configure Meilisearch instances.
We thank Sion Park (@tldhs1144), who reported the issue and suggested a fix, for improving the security of Meilisearch ❤️
securityssrfauthenticationself-hosted
Source: original entry ↗