mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2026-04-16 23:08:38 +02:00

Go to file

aikido-autofix[bot] 60cc749e6a [Aikido] Fix critical issue in axios via minor version upgrade from 1.13.6 to 1.15.0 in frontend (#6092 )

Upgrade axios to fix critical proxy bypass and SSRF vulnerabilities in
hostname normalization that could allow attackers to reach protected
internal services.

✅ There are no breaking changes

<details>
<summary>✅ 1 CVE resolved by this upgrade, including 1 critical 🚨
CVE</summary>

<br>


This PR will resolve the following CVEs:
| Issue |
Severity&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |
Description |
| --- | --- | --- |
|
<pre>[CVE-2025-62718](https://app.aikido.dev/issues/26490690/detail?groupId=70007#CVE-2025-62718)</pre>
| <pre>🚨 CRITICAL</pre> | [axios] Axios fails to properly normalize
hostnames when checking NO_PROXY rules, allowing requests to loopback
addresses (localhost., [::1]) to bypass proxy protections and reach
internal services. This enables proxy bypass and SSRF attacks against
protected loopback or internal endpoints. |


</details>

Co-authored-by: aikido-autofix[bot] <119856028+aikido-autofix[bot]@users.noreply.github.com>

2026-04-10 09:50:05 +01:00

.devcontainer

…

.github

possible fix permission issues and fix thread timing issues (#6061 )

2026-04-03 16:49:16 +01:00

.vscode

chore(vscode): replace deprecated Copilot extension with Copilot Chat (#5662 )

2026-02-06 10:42:41 +00:00

app

Add Java orchestrator to connect to the AI engine (#6003 )

2026-04-09 08:04:38 +00:00

devGuide

Move AI advice to AGENTS.md and add symlink from CLAUDE.md (#5914 )

2026-03-11 13:43:30 +00:00

devTools

build(deps-dev): bump stylelint from 16.26.1 to 17.4.0 in /devTools (#5822 )

2026-03-02 15:23:26 +00:00

docker

possible fix permission issues and fix thread timing issues (#6061 )

2026-04-03 16:49:16 +01:00

docs

V1 merge (#5193 )

2025-12-21 10:40:32 +00:00

engine

Add Java orchestrator to connect to the AI engine (#6003 )

2026-04-09 08:04:38 +00:00

frontend

[Aikido] Fix critical issue in axios via minor version upgrade from 1.13.6 to 1.15.0 in frontend (#6092 )

2026-04-10 09:50:05 +01:00

gradle/wrapper

fix(gradle): bump gradle jar version to 9.3.1-bin (#5938 )

2026-03-20 12:00:01 +00:00

images

Revert "[ImgBot] Optimize images" (#5293 )

2025-12-22 22:10:23 +00:00

scripts

possible fix permission issues and fix thread timing issues (#6061 )

2026-04-03 16:49:16 +01:00

testing

possible fix permission issues and fix thread timing issues (#6061 )

2026-04-03 16:49:16 +01:00

.dockerignore

Base docker image (#5958 )

2026-03-25 15:41:58 +00:00

.editorconfig

Add SaaS AI engine (#5907 )

2026-03-16 11:01:50 +00:00

.git-blame-ignore-revs

…

.gitattributes

…

.gitignore

Add Java orchestrator to connect to the AI engine (#6003 )

2026-04-09 08:04:38 +00:00

.pre-commit-config.yaml

chore(ci): refine pre-commit workflows, add TOML sorting (#5648 )

2026-02-06 11:09:04 +00:00

ADDING_TOOLS.md

refactor: remove legacy Thymeleaf web UI controllers and templates (#5406 )

2026-01-21 21:58:29 +00:00

AGENTS.md

Redesign Python AI engine (#5991 )

2026-03-26 10:35:47 +00:00

build.gradle

pipeline fixes (#6068 )

2026-04-04 10:19:38 +01:00

CLAUDE.md

Move AI advice to AGENTS.md and add symlink from CLAUDE.md (#5914 )

2026-03-11 13:43:30 +00:00

CONTRIBUTING.md

…

DATABASE.md

…

DeveloperGuide.md

tauri jdk25 and docs (#5814 )

2026-03-03 13:49:33 +00:00

FILE_SHARING.md

fileshare (#5414 )

2026-03-25 11:00:40 +00:00

gradle.properties

feat(docker): update base images to Java 25, Spring 4, Jackson 3, Gradle 9 and optimize JVM options (Project Lilliput) (#5725 )

2026-02-24 20:06:32 +00:00

gradlew

fix(gradle): bump gradle jar version to 9.3.1-bin (#5938 )

2026-03-20 12:00:01 +00:00

gradlew.bat

fix(gradle): bump gradle jar version to 9.3.1-bin (#5938 )

2026-03-20 12:00:01 +00:00

HowToUseOCR.md

…

launch4jConfig.xml

…

LICENSE

Add prototypes folder to test new functionality in (#6081 )

2026-04-09 08:21:07 +00:00

README.md

…

SECURITY.md

…

settings.gradle

chore(ci): enable Gradle dependency caching across GitHub workflows (#5400 )

2026-01-19 19:03:50 +00:00

SHARED_SIGNING.md

fileshare (#5414 )

2026-03-25 11:00:40 +00:00

test_globalsign.pdf

…

test_irs_signed.pdf

…

WINDOWS_SIGNING.md

…

README.md

Stirling PDF - The Open-Source PDF Platform

Stirling PDF is a powerful, open-source PDF editing platform. Run it as a personal desktop app, in the browser, or deploy it on your own servers with a private API. Edit, sign, redact, convert, and automate PDFs without sending documents to external services.

Key Capabilities

Everywhere you work - Desktop client, browser UI, and self-hosted server with a private API.
50+ PDF tools - Edit, merge, split, sign, redact, convert, OCR, compress, and more.
Automation & workflows - No-code pipelines direct in UI with APIs to process millions of PDFs.
Enterprise‑grade - SSO, auditing, and flexible on‑prem deployments.
Developer platform - REST APIs available for nearly all tools to integrate into your existing systems.
Global UI - Interface available in 40+ languages.

For a full feature list, see the docs: https://docs.stirlingpdf.com

Quick Start

docker run -p 8080:8080 docker.stirlingpdf.com/stirlingtools/stirling-pdf

Then open: http://localhost:8080

For full installation options (including desktop and Kubernetes), see our Documentation Guide.

Resources

Support

Community Discord
Bug Reports: Github issues

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

For development setup, see the Developer Guide.

For adding translations, see the Translation Guide.

License

Stirling PDF is open-core. See LICENSE for details.

Languages

TypeScript 47.2%

Java 44.1%

Python 2.7%

CSS 2.1%

Gherkin 1.1%

Other 2.7%

README.md Unescape Escape

Stirling PDF - The Open-Source PDF Platform

Key Capabilities

Quick Start

Resources

Support

Contributing

License

README.md