PeerTube
A free, decentralized and federated video platform
Alternative to: youtube, vimeo, dailymotion
About
Versions (100)
v7.1.1
2025-04-08SECURITY
This release fixes important vulnerabilities of PeerTube <= 7.1.0, discovered by Ori Hollander of the JFrog Vulnerability Research team. Many thanks to them!
- High severity Fix DoS and blind SSRF on ActivityPub playlist creation CVE-2025-32948
- High severity Prevent infinite loop DoS when crawling ActivityPub data CVE-2025-32947
- Medium severity Prevent an attacker from adding playlists to a another user’s channel using the ActivityPub CVE-2025-32946
- Medium severity Prevent an attacker from adding playlists to a another user’s channel using the REST API CVE-2025-32945
- Medium severity Add protection against ZIP bomb on user import CVE-2025-32949
- Medium severity Prevent crash on user import with a ZIP containg an illegal filename CVE-2025-32944
- Low severity Do not leak private HLS playlists (
.m3u8files) CVE-2025-32943
Bug fixes
- Fix playlist page margins
- Fix danger button border
- Fix unsubscribe button label for channels
- Fix remote subscribe on iOS
- Add Podcast feed to subscribe button
- Always display technical information tab in About page
- Fix menu button auto font-size to prevent overflow in some locales
- Correctly inject multiple
rel="me"links with supported markdown fields - Fix adding studio watermark with audio/video split HLS file
- Reset video state on studio failure
- Fix updating a user in administration
- Fix error when getting a S3 object with some S3 providers
- Specify charset when uploading caption files in S3
- Fix theme color parsing with some web browsers
- Improve channel description in custom markup miniature
- Ensure ffmpeg process is killed if download is aborted
- Correctly reload playlist on playlist change in watch page
- Use
indexifembeddedin embeds instead ofnoindex - Fix extra space on links of remote comments
- Don’t convert webp images to jpeg