typebot.io

v3.17.0 Security

This release includes 12 security fixes; security teams running exposed deployments should review it.

Published 13d Communication & Email
✓ No known CVEs patched
This release patches 12 known CVEs

Topics

chat-application llm conversational-bots form-builder nextjs tailwindcss

Affected surfaces

auth rbac rce_ssrf deps

ReleasePort's take

Moderate signal
editorial:auto 13d

Typebot v3.17.0 patches multiple security issues including SSRF protection, API token hashing, and webhook authorization, while introducing OpenAI-powered Ask Model actions with file search controls. Self-hosted deployments must configure SSRF_ALLOWED_HOSTS; WhatsApp integrations require immediate patching.

Why it matters: Patch immediately if using WhatsApp, webhooks, or self-hosted deployments. API token hashing strengthens credential security. Ask Model enables AI-assisted workflows for no-code users.

Summary

AI summary

A mixed release with changes across UI/UX improvements, content, and internal tooling.

Changes in this release

All entries below are sourced from llm_adapter@2026-05-21; the classification confidence is shown per entry.

Security (Medium)

  • Fixes SSRF safe dispatcher DNS lookup handling (confidence: high)
  • Hashes API tokens for improved security (confidence: high)
  • Fixes SSRF protection in WhatsApp status forwarding (confidence: high)
  • Fixes WhatsApp preview webhook authorization (confidence: high)
  • Fixes credential access control, removes vulnerable S3 endpoint (confidence: low)
  • Fixes SSRF bypass via DNS rebinding in HTTP flows (confidence: low)
  • Upgrades vulnerable dependencies: ai v5, nodemailer v8, otel (confidence: low)
  • Sanitizes CSV exports against formula injection attacks (confidence: low)
  • Prevents cross-typebot webhook resume IDOR vulnerability (confidence: low)
  • Fixes Google Sheets OAuth callback authorization (confidence: low)
  • Fixes unsafe upload URL generation (confidence: low)

Feature (Medium)

  • Adds Ask Model action using OpenAI Responses API (confidence: high)
  • Adds time filter to results export (confidence: high)
  • Adds Ask Model file search controls for OpenAI (confidence: high)
  • Adds SSRF_ALLOWED_HOSTS environment variable for self-hosted (confidence: high)

Bugfix (Medium)

  • Fixes CSV download on R2 (confidence: high)
  • Handles GA script load failure preventing bot hang (confidence: high)
  • Fixes PostHog tracking by updating cookie domain (confidence: high)
  • Fixes transcript compute crash on choice items (confidence: high)
  • Fixes Pexels video picker infinite loading loop (confidence: high)
  • Fixes close button position in modal (confidence: low)
  • Adds missing date-fns dependencies to results package (confidence: low)
  • Fixes monthly cron transaction timeout in archival (confidence: low)
  • Fixes WhatsApp webhook verification (confidence: low)
  • Fixes PartyKit deploy workflow gate (confidence: low)

Refactor (Medium)

  • Adds chatbot automation blog post (confidence: low)
  • Adds WhatsApp automation chatbot blog post (confidence: low)
  • Updates blog post links (confidence: low)
  • Removes urgent support section from help docs (confidence: low)
  • Fills common documentation gaps: logs, commands, downgrade (confidence: low)

Full changelog

New features

  • ✨ Add Ask Model action using OpenAI Responses API (#2455) [20d11a5]
  • 👌 Add time filter to results export and fix CSV download on R2 (#2449) [90bc7a9]
  • 👌 (openai) Add Ask Model file search controls (#2483) [fa7cc8c]

UI/UX Improvements

  • 💅 Fix close button position in modal (#2476) [53e90c4]

Fixed

  • 🐛 Handle GA script load failure to prevent bot from hanging (#2446) [d3c15f3]
  • 🐛 Fix PostHog tracking by updating cookie domain to typebot.com (#2447) [55b2900]
  • 🐛 Add missing date-fns dependencies to @typebot.io/results [e1530b6]
  • 🐛 Fix transcript compute crash on choice items with session-var display condition (#2468) [050f906]
  • 🐛 Fix monthly cron tx timeout when deleting archived typebots (#2481) [85eb843]
  • 🐛 Fix Pexels video picker infinite loading loop (#2479) [b72a374]
  • 🐛 Fix WhatsApp webhook verification (#2498) [e296c87]
  • 🐛 Fix PartyKit deploy workflow gate (#2500) [c549cec]

Security

  • 🐛 Fix credential access control and remove vulnerable S3 upload endpoint (#2459) [7ae4c00]
  • 🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461) [b25c41b]
  • 🐛 Fix SSRF safe dispatcher DNS lookup handling (#2462) [892870f]
  • 🔒️ Add SSRF_ALLOWED_HOSTS env for self-hosted internal APIs (#2474) [5b5f82d]
  • 🔒️ Upgrade vulnerable deps (ai v5, nodemailer v8, otel sdk-node 0.217) (#2491) [6f289f6]
  • 🔧 Hash API tokens (#2492) [fdcc178]
  • 🐛 Sanitize CSV exports against formula injection (#2493) [89682dd]
  • 🐛 Prevent cross-typebot webhook resume IDOR (#2494) [6f915c3]
  • 🐛 Fix WhatsApp status forwarding SSRF protection (#2497) [30cbc61]
  • 🐛 Fix WhatsApp preview webhook authorization (#2499) [36a6186]
  • 🐛 Fix Google Sheets OAuth callback authorization (#2501) [c0ffd82]
  • 🐛 Fix unsafe upload URL generation (#2502) [a64e82b]

Content

  • 📝 Add chatbot automation blog post (#2443) [0969c4e]
  • 📝 Add "Whatsapp Automation Chatbot" blog post (#2444) [b145784]
  • 📝 Update blog posts links (#2445) [f9d2a75]
  • 📝 Remove urgent support section from help docs (#2464) [da165df]
  • 📝 Fill common docs gaps (logs, user commands, downgrade, persistent input) (#2466) [70b7fdf]
  • 📝 Add Pro-only callout, workspace switcher doc, external messaging guide (#2470) [b9002d8]
  • 📝 Document graph edge pitfall and theme republish requirement (#2471) [60a77f0]
  • 📝 Document VAT ID for B2B reverse charge (#2473) [3e98f92]
  • 📝 Document status page and analytics completion criteria (#2480) [30682a2]
  • 📝 Add new blog posts batch (#2484) [85a1c37]
  • 📝 Added faq dir + cover image to articles (#2485) [367de01]
  • 📝 Update blog content (#2489) [77fd228]
  • 📝 Add auth failure troubleshooting section to self-hosting docs (#2495) [091db9e]

Internal

  • 🔧 Upgrade Claude Code GitHub Actions workflows (#2460) [6b30ff3]
  • 🐛 Fix missing workspace membership check in getSheets endpoint (#2467) [91d2a98]
  • 🐛 Fix Google Sheets picker 401 by setting Cloud Project AppId (#2486) [8e67415]
  • 🐛 Add trigger_onepick OAuth param for Google Sheets picker (#2487) [babe333]
  • ⏪ Revert Google Sheets picker fixes (#2486, #2487) (#2488) [67c7c86]
  • 📝 Update commit skill and ignore .pi [060033b]
  • 🔧 Add WhatsApp status forward URL update script (#2496) [5861031]

About typebot.io

Typebot is a powerful chatbot builder that you can self-host.
