ContextQMD
Back to Label Studio

2.20.1

docs/source/guide/release_notes/onprem/2.20.1.md

2.2.10-1953 B
Original Source

Label Studio Enterprise 2.20.1

<div class="onprem-highlight">Security-related fixes</div>

Feb 12, 2025

Helm Chart version: 1.9.2

Security

  • Image file paths are restricted as to prevent arbitrary path traversal.
  • As an XSS prevention measure, /projects/upload-example no longer accepts GET requests.
  • Only recognized S3 endpoints from a list of known S3 API providers will return full list exceptions when an HTTP call is submitted.

!!! note If you want to use a non-standard/custom domain for hosting your S3 API and you still want full exceptions to be visible, you can add your domain to the S3_TRUSTED_STORAGE_DOMAINS environment variable.

Separate multiple domains with a comma. For example, if the endpoints you are using are `https://foo.mys3endpoint.net` and `https://myothers3endpoint.biz`, then you would set it as: 

`S3_TRUSTED_STORAGE_DOMAINS=mys3endpoint.net,myothers3endpoint.biz`