Skip to content

Add Remotion endpoint fix reference#8273

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8273from
cookesan:remotion-2jqp-fix-reference
Open

Add Remotion endpoint fix reference#8273
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8273from
cookesan:remotion-2jqp-fix-reference

Conversation

@cookesan

@cookesan cookesan commented Jun 29, 2026

Copy link
Copy Markdown

Adds the upstream merge commit for remotion-dev/remotion#6378 to GHSA-2jqp-f4gr-44fr.

Evidence checked:

  • PR Fix wrong data in GHSA-c32m-27pj-4xcj.json #6378 merged as commit e3fcb3382057bb0bf1b0128a4f40c557ece7527a.
  • The v4.0.410 fixed tag contains that merge commit, and the release notes name Fix wrong data in GHSA-c32m-27pj-4xcj.json #6378 as the endpoint hardening change.
  • The commit protects the file-explorer and add-asset endpoints by switching Windows file opening to spawn, requiring same-origin add-asset requests, and moving add-asset under the static hash route.
  • The npm @remotion/studio-server 4.0.410 and @remotion/studio 4.0.410 packages contain the fixed endpoint code; @remotion/cli 4.0.410 depends on those packages and remotion 4.0.410.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8273 June 29, 2026 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cookesan