### Vulnerability Overview - **Vulnerability Name**: Fix for overly permissive CORS policy allowing cross-site attacks - **Vulnerability Description**: Fixed an overly permissive CORS policy that allowed cross-site attacks. - **Fix Commit**: [0872d31](https://github.com/alexta69/metube/commit/0872d31) ### Scope of Impact - **Affected Component**: `CORS_ALLOWED_ORIGINS` variable - **Affected Versions**: Versions prior to 2026.04.10 ### Remediation - **Remediation Measure**: Fixed the overly permissive CORS policy that allowed cross-site attacks. - **Fixed Version**: 2026.04.10 ### Other Changes - **New Feature**: Documented the `CORS_ALLOWED_ORIGINS` variable ([aaf0429](https://github.com/alexta69/metube/commit/aaf0429)) - **Other Fixes**: Live streams are no longer marked as watched ([afeb617](https://github.com/alexta69/metube/commit/afeb617)) ### Resources - **Docker Hub**: - `alexta69/metube:latest` - `alexta69/metube:2026.04.10` - **GitHub Container Registry**: - `ghcr.io/alexta69/metube:latest` - `ghcr.io/alexta69/metube:2026.04.10` ### Assets - **Source Code**: - [Source code (zip)](https://github.com/alexta69/metube/archive/refs/tags/2026.04.10.zip) - [Source code (tar.gz)](https://github.com/alexta69/metube/archive/refs/tags/2026.04.10.tar.gz)