Skip to content

MoneyPrinterTurbo

v1.2.8 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 6d Developer Productivity
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai automation chatgpt moviepy python shortvideo
+1 more
tiktok

Affected surfaces

auth crypto_tls

Summary

AI summary

Updates Bug Fixes, Highlights, and Security And Hardening across a mixed release.

Changes in this release

Security High

Hardens task folder opening and path validation to prevent injection attacks.

Hardens task folder opening and path validation to prevent injection attacks.

Source: llm_adapter@2026-05-28

Confidence: high
Security High

Restores TLS verification for all external material and API requests.

Restores TLS verification for all external material and API requests.

Source: llm_adapter@2026-05-28

Confidence: high
Security Medium

Hardens LiteLLM response parsing for empty choices/messages.

Hardens LiteLLM response parsing for empty choices/messages.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Security Medium

Hardens uploaded/retrieved media file path handling.

Hardens uploaded/retrieved media file path handling.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Security Medium

Adds task queue bounds and safer queue behavior.

Adds task queue bounds and safer queue behavior.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Feature Low

Adds LiteLLM provider support for 100+ compatible model gateways.

Adds LiteLLM provider support for 100+ compatible model gateways.

Source: llm_adapter@2026-05-28

Confidence: high
Feature Low

Adds Grok/xAI provider support via existing OpenAI-compatible LLM path.

Adds Grok/xAI provider support via existing OpenAI-compatible LLM path.

Source: llm_adapter@2026-05-28

Confidence: high
Feature Low

Adds WebUI support for uploading custom audio and generating video from local narration.

Adds WebUI support for uploading custom audio and generating video from local narration.

Source: llm_adapter@2026-05-28

Confidence: high
Performance Medium

Improves Gemini TTS and Edge subtitle compatibility after dependency updates.

Improves Gemini TTS and Edge subtitle compatibility after dependency updates.

Source: llm_adapter@2026-05-28

Confidence: high
Performance Low

Improves Windows portable updater and Azure TTS compatibility.

Improves Windows portable updater and Azure TTS compatibility.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Deprecation Low

Disables risky g4f usage by default; moves it behind an optional dependency path.

Disables risky g4f usage by default; moves it behind an optional dependency path.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Bugfix Medium

Fixes Azure LLM provider routing to use the Azure client path correctly.

Fixes Azure LLM provider routing to use the Azure client path correctly.

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Medium

Fixes subtitle splitting to preserve numbers with thousands separators (e.g., 1,000).

Fixes subtitle splitting to preserve numbers with thousands separators (e.g., 1,000).

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Medium

Fixes Redis task pagination and task state listing behavior.

Fixes Redis task pagination and task state listing behavior.

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Medium

Fixes bundled ffmpeg discovery for video concatenation.

Fixes bundled ffmpeg discovery for video concatenation.

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Low

Closes audio clips after duration probing to avoid file handle leaks.

Closes audio clips after duration probing to avoid file handle leaks.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Bugfix Low

Suppresses noisy MoviePy probing output during material inspection.

Suppresses noisy MoviePy probing output during material inspection.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Bugfix Low

Adds timeout handling for hanging Edge TTS streams.

Adds timeout handling for hanging Edge TTS streams.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Bugfix Low

Restores Gemini TTS subtitle generation when using the edge subtitle provider.

Restores Gemini TTS subtitle generation when using the edge subtitle provider.

Source: granite4.1:30b@2026-05-28-audit

Confidence: low
Full changelog

MoneyPrinterTurbo v1.2.8

This release collects the bug fixes, provider additions, security hardening, deployment fixes, and PRs merged since v1.2.7.

Highlights

  • Added LiteLLM provider support for 100+ compatible model gateways.
  • Added Grok/xAI provider support through the existing OpenAI-compatible LLM path.
  • Added WebUI support for uploading custom audio and generating a video from local narration.
  • Improved Gemini TTS and Edge subtitle compatibility after recent dependency updates.
  • Fixed Azure LLM provider routing so AzureOpenAI requests use the Azure client path correctly.
  • Updated the Google Colab notebook to use an isolated uv environment and avoid Colab global dependency conflicts.

Bug Fixes

  • Fixed subtitle splitting so numbers with thousands separators such as 1,000 are preserved.
  • Fixed Redis task pagination and task state listing behavior.
  • Fixed bundled ffmpeg discovery for video concatenation.
  • Closed audio clips after duration probing to avoid file handle leaks.
  • Suppressed noisy MoviePy probing output during material inspection.
  • Added timeout handling for hanging Edge TTS streams.
  • Hardened LiteLLM response parsing for empty choices/messages.
  • Improved Windows portable updater and Azure TTS compatibility.
  • Restored Gemini TTS subtitle generation when using the edge subtitle provider.

Security And Hardening

  • Hardened task folder opening and path validation.
  • Hardened uploaded/retrieved media file path handling.
  • Added task queue bounds and safer queue behavior.
  • Restored TLS verification for external material/API requests.
  • Disabled risky g4f usage by default and moved it behind an explicit optional dependency path.
  • Added focused regression tests for file path, task state, LLM, material, video, and voice behavior.

Documentation And Deployment

  • Added a system requirements matrix to the README.
  • Fixed README typos in Chinese and English docs.
  • Allowed Redis host override in Docker deployments.
  • Updated Colab setup to use uv sync --frozen --python 3.11 and launch Streamlit through uv run.

Merged PRs

  • #861 Docker Redis host override.
  • #891 README typo fix.
  • #897 regression test for video_transition_mode=None.
  • #900 README-en typo fix.
  • #903 Grok provider support.

Validation

Before tagging this release:

uv lock --check
uv run python -m unittest test.services.test_llm test.services.test_video.TestVideoService.test_combine_videos_handles_none_transition_mode test.services.test_voice.TestVoiceService.test_edge_cue_aggregation_handles_thousand_separator_comma
uv run python -m compileall app webui

Security Fixes

  • Hardened task folder opening, uploaded media file path handling, TLS verification for external requests, and disabled risky g4f usage by default
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track MoneyPrinterTurbo

Get notified when new releases ship.

Sign up free

About MoneyPrinterTurbo

All releases →

Related context

Beta — feedback welcome: [email protected]