Security notes update

Open eoinwm-cisa opened this issue 2 months ago • 2 comments

We did some analysis regarding SSRF vulnerabilities (CVE-2025-51591, CVE-2022-35583) and came up with suggested changes for the documentation.

Related: #11261 #10682 #8874 #11200

Oct 30 '25 19:10 eoinwm-cisa

CC @dw4rren.

Oct 30 '25 20:10 amanion-cisa

It would be good to know if any of the other via-HTML pdf-engines are subject to the same problem as wkhtmltopdf. That would allow more useful guidance.

Nov 30 '25 14:11 jgm