python · crawl4aiCritical
crawl4ai Docker API now validates proxy destinations for global routability
The Docker API server now validates proxy destinations with the same global-routability check used for crawl URLs, rejecting any resolved address that is not globally routable.
What changed
The Docker API server now validates proxy destinations with the same global-routability check used for crawl URLs, rejecting any resolved address that is not globally routable. Proxy/DNS-redirecting flags are stripped from extra_args.
Who it affects
All deployments of crawl4ai using the Docker API without authentication, especially those with access to internal services or cloud metadata endpoints.
What to do today
Upgrade to version 0.8.9 or later, enable authentication via CRAWL4AI_API_TOKEN, or restrict container outbound network access.
The trail
Collected→
Audited→
Written→
Published