From 6e291cf05df66d0ddf18607d42bcf8233a9d7a7b Mon Sep 17 00:00:00 2001 From: Henry Heng Date: Mon, 15 Sep 2025 14:58:53 +0100 Subject: [PATCH 1/4] Bugfix/add validation for file path (#5211) add validation for file path --- .../components/nodes/documentloaders/Folder/Folder.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/packages/components/nodes/documentloaders/Folder/Folder.ts b/packages/components/nodes/documentloaders/Folder/Folder.ts index d567f64aaf7..e8aa16a5be8 100644 --- a/packages/components/nodes/documentloaders/Folder/Folder.ts +++ b/packages/components/nodes/documentloaders/Folder/Folder.ts @@ -10,6 +10,7 @@ import { DocxLoader } from '@langchain/community/document_loaders/fs/docx' import { LoadOfSheet } from '../MicrosoftExcel/ExcelLoader' import { PowerpointLoader } from '../MicrosoftPowerpoint/PowerpointLoader' import { handleEscapeCharacters } from '../../../src/utils' +import { isPathTraversal } from '../../../src/validator' class Folder_DocumentLoaders implements INode { label: string @@ -125,6 +126,14 @@ class Folder_DocumentLoaders implements INode { const _omitMetadataKeys = nodeData.inputs?.omitMetadataKeys as string const output = nodeData.outputs?.output as string + if (!folderPath) { + throw new Error('Folder path is required') + } + + if (isPathTraversal(folderPath)) { + throw new Error('Invalid folder path: Path traversal detected. Please provide a safe folder path.') + } + let omitMetadataKeys: string[] = [] if (_omitMetadataKeys) { omitMetadataKeys = _omitMetadataKeys.split(',').map((key) => key.trim()) From 05763db8d35743c83692a3ae56a3012579299fcd Mon Sep 17 00:00:00 2001 From: Henry Heng Date: Mon, 15 Sep 2025 16:54:00 +0100 Subject: [PATCH 2/4] Bugfix/Create Index Chatflow Name (#5213) Refactor index creation for chat_flow name across multiple databases to limit indexed length to 255 characters --- .../migrations/mariadb/1755748356008-AddChatFlowNameIndex.ts | 2 +- .../migrations/mysql/1755748356008-AddChatFlowNameIndex.ts | 2 +- .../migrations/postgres/1755748356008-AddChatFlowNameIndex.ts | 2 +- .../migrations/sqlite/1755748356008-AddChatFlowNameIndex.ts | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/server/src/database/migrations/mariadb/1755748356008-AddChatFlowNameIndex.ts b/packages/server/src/database/migrations/mariadb/1755748356008-AddChatFlowNameIndex.ts index 62c74f167d5..1fe79f449f1 100644 --- a/packages/server/src/database/migrations/mariadb/1755748356008-AddChatFlowNameIndex.ts +++ b/packages/server/src/database/migrations/mariadb/1755748356008-AddChatFlowNameIndex.ts @@ -4,7 +4,7 @@ export class AddChatFlowNameIndex1755748356008 implements MigrationInterface { name = 'AddChatFlowNameIndex1755748356008' public async up(queryRunner: QueryRunner): Promise { - await queryRunner.query(`CREATE INDEX \`IDX_chatflow_name\` ON \`chat_flow\` (\`name\`)`) + await queryRunner.query(`CREATE INDEX \`IDX_chatflow_name\` ON \`chat_flow\` (LEFT(\`name\`, 255))`) } public async down(queryRunner: QueryRunner): Promise { diff --git a/packages/server/src/database/migrations/mysql/1755748356008-AddChatFlowNameIndex.ts b/packages/server/src/database/migrations/mysql/1755748356008-AddChatFlowNameIndex.ts index 62c74f167d5..1fe79f449f1 100644 --- a/packages/server/src/database/migrations/mysql/1755748356008-AddChatFlowNameIndex.ts +++ b/packages/server/src/database/migrations/mysql/1755748356008-AddChatFlowNameIndex.ts @@ -4,7 +4,7 @@ export class AddChatFlowNameIndex1755748356008 implements MigrationInterface { name = 'AddChatFlowNameIndex1755748356008' public async up(queryRunner: QueryRunner): Promise { - await queryRunner.query(`CREATE INDEX \`IDX_chatflow_name\` ON \`chat_flow\` (\`name\`)`) + await queryRunner.query(`CREATE INDEX \`IDX_chatflow_name\` ON \`chat_flow\` (LEFT(\`name\`, 255))`) } public async down(queryRunner: QueryRunner): Promise { diff --git a/packages/server/src/database/migrations/postgres/1755748356008-AddChatFlowNameIndex.ts b/packages/server/src/database/migrations/postgres/1755748356008-AddChatFlowNameIndex.ts index 75ebae63727..4adfabf1e41 100644 --- a/packages/server/src/database/migrations/postgres/1755748356008-AddChatFlowNameIndex.ts +++ b/packages/server/src/database/migrations/postgres/1755748356008-AddChatFlowNameIndex.ts @@ -4,7 +4,7 @@ export class AddChatFlowNameIndex1755748356008 implements MigrationInterface { name = 'AddChatFlowNameIndex1755748356008' public async up(queryRunner: QueryRunner): Promise { - await queryRunner.query(`CREATE INDEX "IDX_chatflow_name" ON "chat_flow" ("name")`) + await queryRunner.query(`CREATE INDEX "IDX_chatflow_name" ON "chat_flow" (substring("name" from 1 for 255))`) } public async down(queryRunner: QueryRunner): Promise { diff --git a/packages/server/src/database/migrations/sqlite/1755748356008-AddChatFlowNameIndex.ts b/packages/server/src/database/migrations/sqlite/1755748356008-AddChatFlowNameIndex.ts index 75ebae63727..9f6023caac6 100644 --- a/packages/server/src/database/migrations/sqlite/1755748356008-AddChatFlowNameIndex.ts +++ b/packages/server/src/database/migrations/sqlite/1755748356008-AddChatFlowNameIndex.ts @@ -4,7 +4,7 @@ export class AddChatFlowNameIndex1755748356008 implements MigrationInterface { name = 'AddChatFlowNameIndex1755748356008' public async up(queryRunner: QueryRunner): Promise { - await queryRunner.query(`CREATE INDEX "IDX_chatflow_name" ON "chat_flow" ("name")`) + await queryRunner.query(`CREATE INDEX "IDX_chatflow_name" ON "chat_flow" (substr("name", 1, 255))`) } public async down(queryRunner: QueryRunner): Promise { From 79023c8909a379a440f7dea4ca324e0dc223db53 Mon Sep 17 00:00:00 2001 From: Marvelous Ikponmwosa <46595957+marvikomo@users.noreply.github.com> Date: Mon, 15 Sep 2025 16:54:34 +0100 Subject: [PATCH 3/4] feat: add gpt-5-chat-latest and gpt-4.1-mini to Azure OpenAI Node (#5212) --- packages/components/models.json | 36 +++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/packages/components/models.json b/packages/components/models.json index 73a3c7bb7f2..fb3feb21948 100644 --- a/packages/components/models.json +++ b/packages/components/models.json @@ -396,6 +396,18 @@ "name": "gpt-4.5-preview", "input_cost": 0.000075, "output_cost": 0.00015 + }, + { + "label": "gpt-4.1-mini", + "name": "gpt-4.1-mini", + "input_cost": 0.0000004, + "output_cost": 0.0000016 + }, + { + "label": "gpt-5-chat-latest", + "name": "gpt-5-chat-latest", + "input_cost": 0.00000125, + "output_cost": 0.00001 } ] }, @@ -455,6 +467,18 @@ "name": "gpt-4-1106-preview", "input_cost": 0.00001, "output_cost": 0.00003 + }, + { + "label": "gpt-4.1-mini", + "name": "gpt-4.1-mini", + "input_cost": 0.0000004, + "output_cost": 0.0000016 + }, + { + "label": "gpt-5-chat-latest", + "name": "gpt-5-chat-latest", + "input_cost": 0.00000125, + "output_cost": 0.00001 } ] }, @@ -1682,6 +1706,18 @@ "name": "gpt-4-32k", "input_cost": 0.00006, "output_cost": 0.00012 + }, + { + "label": "gpt-4.1-mini", + "name": "gpt-4.1-mini", + "input_cost": 0.0000004, + "output_cost": 0.0000016 + }, + { + "label": "gpt-5-chat-latest", + "name": "gpt-5-chat-latest", + "input_cost": 0.00000125, + "output_cost": 0.00001 } ] }, From c4322ce70b1cb5684eb777ad4c20a0a6634ea529 Mon Sep 17 00:00:00 2001 From: Henry Heng Date: Mon, 15 Sep 2025 16:58:42 +0100 Subject: [PATCH 4/4] Release/3.0.7 (#5214) flowise@3.0.7 --- package.json | 2 +- packages/components/package.json | 2 +- packages/server/package.json | 2 +- packages/ui/package.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index c597e90d4bd..aa7f96c6fcf 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "flowise", - "version": "3.0.6", + "version": "3.0.7", "private": true, "homepage": "https://flowiseai.com", "workspaces": [ diff --git a/packages/components/package.json b/packages/components/package.json index 5eecc02c801..72e03a5cc85 100644 --- a/packages/components/package.json +++ b/packages/components/package.json @@ -1,6 +1,6 @@ { "name": "flowise-components", - "version": "3.0.6", + "version": "3.0.7", "description": "Flowiseai Components", "main": "dist/src/index", "types": "dist/src/index.d.ts", diff --git a/packages/server/package.json b/packages/server/package.json index 9eb122e414f..bfd77607bbc 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,6 +1,6 @@ { "name": "flowise", - "version": "3.0.6", + "version": "3.0.7", "description": "Flowiseai Server", "main": "dist/index", "types": "dist/index.d.ts", diff --git a/packages/ui/package.json b/packages/ui/package.json index 0a60dfb8bb9..c93b7794004 100644 --- a/packages/ui/package.json +++ b/packages/ui/package.json @@ -1,6 +1,6 @@ { "name": "flowise-ui", - "version": "3.0.6", + "version": "3.0.7", "license": "SEE LICENSE IN LICENSE.md", "homepage": "https://flowiseai.com", "author": {