You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During file downloads, youtube-dl (or the external downloaders that it invokes) may leak cookies on HTTP redirects to a different host, or when the host for fragments being downloaded differs from their parent manifest's host.
Youtube-dl users who are concerned about this issue should install a new version of the program from the nightly build repository: versions dated 2023-07-18 or later incorporate changes to remediate the issue. The next stable release will also include these remediations.
If updating is not possible, please refer to the linked advisory for suggested work-arounds.
The text was updated successfully, but these errors were encountered:
At the file download stage, all cookies are passed by youtube-dl to the file downloader as a Cookie header, thereby losing their scope.
Looks like youtube-dl version 2021.12.17 is affected, even when the cookies are passed as scoped, Netscape-formatted text file like --cookies ./cookies.txt. Right?
Can I apply the patch to my youtube-dl 2021.12.17 installation, or does it require a newer base?
During file downloads, youtube-dl (or the external downloaders that it invokes) may leak cookies on HTTP redirects to a different host, or when the host for fragments being downloaded differs from their parent manifest's host.
Please refer to this security advisory for further details.
Youtube-dl users who are concerned about this issue should install a new version of the program from the nightly build repository: versions dated 2023-07-18 or later incorporate changes to remediate the issue. The next stable release will also include these remediations.
If updating is not possible, please refer to the linked advisory for suggested work-arounds.
The text was updated successfully, but these errors were encountered: