Skip to content

1.11.0

Compare
Choose a tag to compare
@github-actions github-actions released this 30 Jan 16:44
· 1 commit to ls-release/1.11.0 since this release
a9766f0

🌟 What's New

🎉 New Features

Consolidated Label Studio Codebase

This release introduces a simplified Label Studio repository structure.

Previously, the Label Studio frontend and Data Manager codebases were each located in a separate repository: label-studio-frontend and dm2. Starting with this release, the Label Studio Frontend and Data Manager code will be updated and maintained in the main label-studio repository.

The Label Studio Frontend code is now located in the label-studio repository under web/libs/editor, and the Data Manager code can be found under web/libs/datamanager. For more information, see our contributing guide.

This consolidated codebase has many benefits, including streamlined and simplified workflows, increased efficiency when performing cross-component changes, and improved navigation. Most importantly, a unified codebase will make it easier for our Open Source community to navigate and understand the Label Studio code architecture, lowering the barrier to entry for new contributors. (#5154)

🔐 Security

  • This release includes several measures to increase SSRF protection (#5316), which address CVE-2023-47116 (#5316):
    • When SSRF_PROTECTION_ENABLED is set to true (note that it defaults to false), our new default is to ban all IPs within reserved blocks, for both IPv4 and IPv6.
    • We are introducing two new environment variables, to be used in conjunction with SSRF_PROTECTION_ENABLED=true:
      USER_ADDITIONAL_BANNED_SUBNETS — Use this to specify additional IP addresses or CIDR blocks to ban from server-side requests (e.g. the URL-based file uploader).
      USE_DEFAULT_BANNED_SUBNETS — This is set to True by default. If you would like to have full control over banned subnets, you can set this to False and use USER_ADDITIONAL_BANNED_SUBNETS to specify all the IP addresses / CIDR blocks you’d like to disallow instead.
    • We have also improved our error messages to make it clearer when an action is being blocked due to SSRF protections.
  • Implemented comprehensive HTML sanitization to safeguard against vulnerabilities and ensure a secure user experience. This addresses CVE-2024-26152. (#5232)
  • Addressed several vulnerabilities found in the npm-axios package. (#5229)

🐞 Bug Fixes

  • Fixed an issue where Label Studio crashed when configuring multiple hotkeys using the hotkey="," format. (#5240)
  • Fixed an issue where credential validation was failing in the Label Studio interface for cloud storages configured using SDK. (#5228)
  • Fixed an issue where cancelled and updated annotations were not recalculating is_labeled and other counters. (#4472)
  • Fixed an issue where annotation drafts were not changing when switching to view all mode. (#5141)
  • Fixed an issue where users would encounter an error when using the Storage filename filter in the Data Manager. (#5289)
  • Fixed an issue where users were unable to use the View all annotations option when the project included images that had an empty URL. (#5245)
  • Fixed an issue where relations were not displayed if they were added by a user while reviewing a task. (#5140)
  • Fixed an issue where users were seeing the Comments tab (an Enterprise-only feature) when resizing their screen. (#5230)

🤩 Contributors