utcp-http 1.1.2

h3xxit · h3xxit · commit de2c3a809054 · 2026-05-03T23:00:06.000+02:00
Ships the SSRF fix from 5b16e43 (#83): tool invocation now revalidates the resolved URL against the same HTTPS / loopback allowlist that manual discovery uses, and the allowlist itself is now hostname-based instead of prefix-based so `http://localhost.evil.com` is rejected.
diff --git a/plugins/communication_protocols/http/pyproject.toml b/plugins/communication_protocols/http/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "utcp-http"
-version = "1.1.1"
+version = "1.1.2"
 authors = [
   { name = "UTCP Contributors" },
 ]

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"`
`4`	`4`
`5`	`5`	`[project]`
`6`	`6`	`name = "utcp-http"`
`7`		`-version = "1.1.1"`
	`7`	`+version = "1.1.2"`
`8`	`8`	`authors = [`
`9`	`9`	`{ name = "UTCP Contributors" },`
`10`	`10`	`]`