From 0b3edc3449070ec42d9c973e16a0bd7d189cbf14 Mon Sep 17 00:00:00 2001
From: "Dr.Lt.Data"
Date: Wed, 24 Jul 2024 00:37:19 +0900
Subject: [PATCH] Security policy is updated.
* Allows the download of models that belong to the whitelist even at the 'normal' security level
---
 README.md | 1 +
 glob/manager_core.py | 2 +-
 glob/manager_server.py | 13 +++++++++++--
 pyproject.toml | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 83282239..51a47c3d 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 ![menu](misc/menu.jpg)
 ## NOTICE
+* V2.48.1: Security policy has been changed. Downloads of models in the list are allowed under the 'normal' security level.
 * V2.47: Security policy has been changed. The former 'normal' is now 'normal-', and 'normal' no longer allows high-risk features, even if your ComfyUI is local.
 * V2.37 Show a ✅ mark to accounts that have been active on GitHub for more than six months.
 * V2.33 Security policy is applied.
diff --git a/glob/manager_core.py b/glob/manager_core.py
index 7997a733..cd0ca830 100644
--- a/glob/manager_core.py
+++ b/glob/manager_core.py
@@ -23,7 +23,7 @@ sys.path.append(glob_path)
 import cm_global
 from manager_util import *
-version = [2, 48]
+version = [2, 48, 1]
 version_str = f"V{version[0]}.{version[1]}" + (f'.{version[2]}' if len(version) > 2 else '')
diff --git a/glob/manager_server.py b/glob/manager_server.py
index c041368d..b6b4a2d7 100644
--- a/glob/manager_server.py
+++ b/glob/manager_server.py
@@ -990,8 +990,17 @@ async def install_model(request):
 return web.Response(status=403)
 if not json_data['filename'].endswith('.safetensors') and not is_allowed_security_level('high'):
- print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
- return web.Response(status=403)
+ models_json = await core.get_data_by_mode('cache', 'model-list.json')
+
+ is_belongs_to_whitelist = False
+ for x in models_json['models']:
+ if x.get('url') == json_data['url']:
+ is_belongs_to_whitelist = True
+ break
+
+ if not is_belongs_to_whitelist:
+ print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
+ return web.Response(status=403)
 res = False
diff --git a/pyproject.toml b/pyproject.toml
index 352c6a10..587a6445 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,7 +1,7 @@
 [project]
 name = "comfyui-manager"
 description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
-version = "2.48"
+version = "2.48.1"
 license = "LICENSE"
 dependencies = ["GitPython", "PyGithub", "matrix-client==0.4.0", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions"]
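Review bot: In install_model (glob/manager_server.py) the new whitelist test compares only `x.get('url')` with `json_data['url']`, so a request passes on a listed URL while its `filename` (the field whose extension led into this branch) and any other client-supplied fields are never checked against the list entry. The exception would be tighter if the match covered the whole record, e.g. `if x.get('url') == json_data.get('url') and x.get('filename') == json_data.get('filename'):` (assuming list entries carry a `filename` key; confirm against model-list.json), or if the download used the matched entry's values instead of the request's. `json_data['url']` and `models_json['models']` are also indexed without a guard, so a request without `url` or a failed cache fetch will probably surface as an unhandled exception rather than the 403; `.get(...)` with a deny-by-default fallback keeps the failure closed. A short comment above the loop stating that the list is the trust anchor for non-safetensors downloads at 'normal' would help the next reader, and the function body continues outside the hunk, so how `filename` is used later is not visible here.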