This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Moderate signal: The release fixes an SSRF vulnerability in ChangeDetection.io's URL parsing via urlparse/urllib3 Parser Differential.
Why it matters: Patch to version 0.55.6 immediately if you use the ChangeDetection.io integration; the fix addresses a high‑severity (95) security issue that could allow server‑side request forgery.
Summary
AI summary: SSRF vulnerability in ChangeDetection.io via urlparse/urllib3 Parser Differential fixed.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical | Fixes SSRF vulnerability in ChangeDetection.io via urlparse/urllib3 Parser Differential | — |
| Feature | Low | Adds `LLM_FEATURES_DISABLED` flag to disable all LLM features from UI and system | — |
| Feature | Low | Ensures LLM UI/blueprint code disabled when `LLM_FEATURES_DISABLED` flag is enabled | — |
| Dependency | Low | Updates lint tool dennis to adopt `--strict` mode and drop false‑positive workarounds | — |
| Bugfix | Medium | Fixes missing `raw_diff` token in notifications | — |
| Bugfix | Low | Fixes preview problem in extract_text/ignore_text UI component | — |
| Refactor | Low | Refactors LLM settings using Pydantic | — |

Source for all entries: llm_adapter@2026-05-25. Confidence: high.
Full changelog
Security updates
Security - SSRF in ChangeDetection.io via urlparse/urllib3 Parser Differential
What's Changed
- UI - Preview problem fix for extract_text/ignore_text #4138 by @dgtlmoon in https://github.com/dgtlmoon/changedetection.io/pull/4169
- UI - LLM - Flag `LLM_FEATURES_DISABLED` to disable all LLM from the UI/system by @dgtlmoon in https://github.com/dgtlmoon/changedetection.io/pull/4171
- Notifications - `raw_diff` token was missing by @dgtlmoon in https://github.com/dgtlmoon/changedetection.io/pull/4177
- LLM UI - Blueprint/code also disabled when env flag `LLM_FEATURES_DISABLED` is enabled by @dgtlmoon in https://github.com/dgtlmoon/changedetection.io/pull/4180
- Llm settings pydantic refactor by @dgtlmoon in https://github.com/dgtlmoon/changedetection.io/pull/4181
- lint: Bump dennis — adopt `--strict` mode and drop false-positive workarounds by @skkzsh in https://github.com/dgtlmoon/changedetection.io/pull/4182
Full Changelog: https://github.com/dgtlmoon/changedetection.io/compare/0.55.5...0.55.6
Security Fixes
- SSRF in ChangeDetection.io via urlparse/urllib3 Parser Differential fixed (no CVE ID provided)
About changedetection.io
Best and simplest tool for website change detection, web page monitoring, and website change alerts. Perfect for tracking content changes, price drops, restock alerts, and website defacement monitoring—all for free or enjoy our SaaS plan!