
chore(deps): bump crawl4ai from 0.8.6 to 0.9.0 #50

Merged
Sam-Aitech merged 1 commit into main from dependabot/uv/crawl4ai-0.8.9 on Jun 19, 2026

Conversation

@dependabot dependabot Bot (Contributor) commented on behalf of github Jun 14, 2026

Bumps crawl4ai from 0.8.6 to 0.9.0.

Release notes

Sourced from crawl4ai's releases.

Release v0.9.0

🎉 Crawl4AI v0.9.0 Released!

📦 Installation

PyPI:

pip install crawl4ai==0.9.0

Docker:

docker pull unclecode/crawl4ai:0.9.0
docker pull unclecode/crawl4ai:latest

Note: Docker images are being built and will be available shortly. Check the Docker Release workflow for build status.

📝 What's Changed

See CHANGELOG.md for details.

Release v0.8.9

🎉 Crawl4AI v0.8.9 Released!

📦 Installation

PyPI:

pip install crawl4ai==0.8.9

Docker:

docker pull unclecode/crawl4ai:0.8.9
docker pull unclecode/crawl4ai:latest

Note: Docker images are being built and will be available shortly. Check the Docker Release workflow for build status.

📝 What's Changed

See CHANGELOG.md for details.

Release v0.8.8

🎉 Crawl4AI v0.8.8 Released!

📦 Installation

PyPI:

... (truncated)

Changelog

Sourced from crawl4ai's changelog.

[0.9.0] - 2026-06-18

0.9.0 is a major, secure-by-default release of the Crawl4AI Docker API server. The out-of-the-box deployment is now hardened with defense in depth: authentication is on by default, the server binds loopback unless you give it a token, and the network request body is treated as an untrusted trust boundary. This release contains breaking changes for the self-hosted HTTP server only. The core pip library (SDK / in-process use) is unchanged.

What changed: the Docker server moved from an open, trust-the-caller posture to a closed, secure-by-default one. Defaults that used to be permissive (open bind, no auth, request-supplied browser internals, TLS verification off, Redis with no password) are now safe by default and gated behind explicit configuration.

What you must do: set CRAWL4AI_API_TOKEN and re-issue any tokens, then review whether you relied on any of the request fields or features that are now configured server-side. Most plain "crawl these URLs" users only need the two steps in the "Everyone" section of the migration guide. The full guide is at deploy/docker/MIGRATION.md.

Security

This release completes the secure-by-default hardening of the Docker API server begun in 0.8.7 and 0.8.8. It moves the worst remaining issues from mitigation to architecture: unauthenticated access and request-supplied code/config are eliminated by design rather than patched in place. Every change is hardening; users self-hosting the Docker server should upgrade and follow the migration guide.

  • Authentication on by default, loopback bind: the server no longer serves an unauthenticated API on 0.0.0.0. With no token it binds 127.0.0.1 and prints a one-off local token; exposing it requires CRAWL4AI_API_TOKEN and Authorization: Bearer <token> on every request except GET /health.
  • Request trust boundary: a crawl request body now carries declarative, scalar options only. Fields that previously let a caller drive browser internals or arbitrary code are rejected at the network boundary.
  • Declarative hooks replace hook code: arbitrary Python hook strings are replaced by a fixed set of declarative actions, removing request-supplied code from the server entirely.
  • Strengthened JWT, admin-scoped monitor actions, deny-by-default CORS, strict security headers, TLS verification on, password-protected loopback-only Redis, bounded job queue, generic error responses with correlation ids, and validated webhook headers round out the defense-in-depth posture. See the migration guide for the full list.
  • Download path confinement (CWE-22): both download sinks now confine writes with basename plus realpath plus O_NOFOLLOW, closing a path-traversal-to-file-write class. Credit: Y4tacker.
  • SSRF destination validation on the streaming crawl path (CWE-918): /crawl/stream and /crawl with stream=true now validate the destination and return HTTP 400 for disallowed targets, matching the non-streaming handlers. Credit: KOH Jun Sheng.
  • Request-supplied browser_config.extra_args rejected (CWE-94): launch arguments can no longer be supplied over the network, closing a Chromium launch-arg injection class. Credit: Y4tacker, UDU_RisePho (hoanggxyuuki).

All reporters are credited in SECURITY-CREDITS.md. GitHub Security Advisories accompany this release.

Breaking Changes

These apply to the self-hosted Docker API server only. The pip library is unaffected. See deploy/docker/MIGRATION.md for the step-by-step migration and deploy/docker/SECURITY-VERIFY.md for the deployment checklist.

  • Auth is on by default: set CRAWL4AI_API_TOKEN and send Authorization: Bearer <token>. With no token the server binds loopback only.
  • Loopback bind by default: the server no longer binds 0.0.0.0 without a token; put a TLS-terminating reverse proxy in front when you expose it.
  • Tokens must be re-issued: the JWT implementation changed and tokens from older versions are no longer valid. Re-mint via POST /token.
  • Request trust boundary: js_code, js_code_before_wait, c4a_script, proxy / proxy_config, extra_args, user_data_dir, cdp_url, cookies, headers, init_scripts, base_url, deep_crawl_strategy, simulate_user, magic, process_in_browser, and nested LLM config objects are rejected with HTTP 400 when sent over the network. Configure them server-side or use the in-process SDK. Unknown fields are dropped; timeouts, viewport, and scroll counts are clamped.
  • Hooks are declarative: hooks.code is replaced by a fixed action set (block_resources, add_cookies, set_headers, scroll_to_bottom, wait_for_timeout). See GET /hooks/info.
  • output_path removed, replaced by an artifact id: /screenshot and /pdf store the result and return artifact_id + URL; fetch via authenticated GET /artifacts/{artifact_id} (TTL and quota apply).
  • LLM base_url removed: /md, /llm, and /llm/job select a provider by name only; endpoint and key are configured server-side and constrained by config.llm.allowed_providers.
  • Monitor actions require an admin token: POST /monitor/actions/* and /monitor/stats/reset need an admin-scope principal.
  • CORS deny-by-default: cross-origin browser requests are denied unless listed in security.cors_allow_origins.
  • TLS verification on: self-signed / internal TLS targets fail by default. Escape hatches for trusted internal testing: CRAWL4AI_ALLOW_INSECURE_TLS=true, CRAWL4AI_ALLOW_INTERNAL_URLS=true.
  • Webhook headers validated: malformed or hop-by-hop / sensitive headers are rejected with HTTP 422.
  • Redis requires a password: in-container Redis is loopback-only, password-protected, and its port is no longer published. For external Redis set REDIS_PASSWORD.
  • Bounded background job queue: request body size, per-crawl wall clock, queue size, and per-principal concurrency are now capped (configurable; 0 = unbounded).
  • Generic 5xx responses: server errors return {"error": "Internal server error", "correlation_id": "…"}; match the id in the logs for detail.

Security Credits

Y4tacker, KOH Jun Sheng, and UDU_RisePho (hoanggxyuuki). See SECURITY-CREDITS.md.

[0.8.9] - 2026-06-04

0.8.9 is a follow-up, backward-compatible security patch for the self-hosted Docker API server, closing an SSRF path that 0.8.8 did not cover. Upgrade in place; no configuration changes required.

Security

... (truncated)

Commits
  • c66f327 docs(0.9.0): flag secure-by-default changes on the self-hosting page
  • 60886d1 release: merge 0.9.0 secure-by-default Docker server hardening into develop
  • dc5e2a8 fix(deep-crawl): best_first keeps boundary page at max_pages (#859)
  • cdf2ead security: patch proxy SSRF in Docker server (0.8.9)
  • 930dc0a security(credits): credit Geo (geo-chen) for 0.8.8 base_url exfil; update sec...
  • 5d3d0fe docs: 0.8.8 release notes, changelog, README; pre-announce next secure-by-def...
  • aa81e8f security: non-breaking hardening patch (0.8.8)
  • 72fd78e chore: gitignore out/ local pipeline output
  • 7259d73 security(credits): credit IcySun & Yashon (co-reporter) per their request
  • 7b280d3 chore: gitignore .security/ - advisory payloads stay private, published via G...
  • Additional commits viewable in compare view
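The "Download path confinement (CWE-22)" bullet describes the fix pattern as basename plus realpath plus O_NOFOLLOW. The following is an added example of that pattern, written for this page; it is not crawl4ai's code and does not claim to match its download sinks. The function names (confined_download_path, write_download, demo) and the temporary directories are constructed for illustration.

```python
"""Confining untrusted download file names to a fixed directory.

Three layers, each closing a different escape:
  1. basename  - strips any directory component the caller supplied ("../", "/etc/").
  2. realpath  - resolves symlinks already present in the directory and checks the
                 result is still under the root, so a planted link cannot redirect the write.
  3. O_NOFOLLOW + O_EXCL at open time - the kernel refuses to follow a symlink in the
                 final component and refuses to clobber an existing file (TOCTOU-safe).
Added example; not crawl4ai's implementation.
"""
import os
import tempfile


def confined_download_path(download_root: str, requested_name: str) -> str:
    """Return an absolute path inside download_root, or raise ValueError."""
    root = os.path.realpath(download_root)
    # Layer 1: keep only the final path component of whatever the caller sent.
    name = os.path.basename(requested_name)
    if name in ("", ".", ".."):
        raise ValueError("invalid file name")
    # Layer 2: resolve symlinks (an existing link named `name` resolves to its target)
    # and require the resolved path to remain under the root.
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes download root")
    return candidate


def write_download(download_root: str, requested_name: str, data: bytes) -> str:
    """Create the file under download_root and write data; returns the path written."""
    path = confined_download_path(download_root, requested_name)
    # Layer 3: O_NOFOLLOW refuses a symlink in the last component, O_EXCL refuses to
    # overwrite an existing file. getattr keeps the flag optional on platforms without it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo() -> dict:
    """Exercise the three layers on constructed inputs and report what happened."""
    root = tempfile.mkdtemp(prefix="c4a-downloads-")      # constructed sandbox root
    outside = tempfile.mkdtemp(prefix="c4a-outside-")     # constructed "elsewhere"
    results = {}

    # A traversal name collapses to a bare file name inside the root.
    written = write_download(root, "../../etc/passwd", b"constructed sample")
    results["traversal_written_to"] = os.path.relpath(written, os.path.realpath(root))

    # A symlink planted in the root that points outside is refused (layer 2 or 3).
    os.symlink(os.path.join(outside, "target.bin"), os.path.join(root, "link.bin"))
    try:
        write_download(root, "link.bin", b"x")
        results["symlink_rejected"] = False
    except (ValueError, OSError):
        results["symlink_rejected"] = True

    # Re-using an existing name is refused rather than overwriting (O_EXCL).
    try:
        write_download(root, "passwd", b"again")
        results["overwrite_rejected"] = False
    except FileExistsError:
        results["overwrite_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The realpath check and the O_NOFOLLOW flag overlap on purpose: the first gives a clear error before any I/O, the second holds even if the directory changes between the check and the open.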
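The "Request trust boundary" bullets in the Security and Breaking Changes sections describe an allowlist posture: a fixed set of scalar options is accepted, the listed browser-internal fields are rejected with HTTP 400, unknown fields are dropped, and timeouts, viewport and scroll counts are clamped. The following is an added example of such a validator, written for this page and not taken from crawl4ai. The rejected field names and the hook action names come from the changelog above; the option names, the numeric clamp bounds, the request shape (urls / options / hooks) and the hook object layout are assumptions made for illustration.

```python
"""Allowlist validation of a crawl request body at the network boundary.

Added example; not crawl4ai's server code. Field names below are those the 0.9.0
changelog says the server rejects; everything else here is an assumed shape.
"""
from __future__ import annotations

from typing import Any

# Rejected anywhere in the body except inside declarative hooks (names from the changelog).
REJECTED_FIELDS = frozenset({
    "js_code", "js_code_before_wait", "c4a_script", "proxy", "proxy_config",
    "extra_args", "user_data_dir", "cdp_url", "cookies", "headers", "init_scripts",
    "base_url", "deep_crawl_strategy", "simulate_user", "magic", "process_in_browser",
})
# Declarative hook actions named in the changelog; anything else (e.g. hooks.code) is refused.
ALLOWED_HOOK_ACTIONS = frozenset({
    "block_resources", "add_cookies", "set_headers", "scroll_to_bottom", "wait_for_timeout",
})
# ASSUMED option names and (type, min, max) clamps; the real limits are server configuration.
ALLOWED_OPTIONS: dict[str, tuple[type, int, int]] = {
    "page_timeout": (int, 1_000, 120_000),   # milliseconds
    "viewport_width": (int, 320, 3_840),
    "viewport_height": (int, 240, 2_160),
    "scroll_count": (int, 0, 20),
}


class RequestRejected(ValueError):
    """Raised for input the boundary refuses; a handler maps it to HTTP 400."""


def _find_rejected(obj: Any, path: str = "") -> str | None:
    """Depth-first walk of dicts/lists; returns the dotted path of the first rejected key."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else str(key)
            if key in REJECTED_FIELDS:
                return here
            found = _find_rejected(value, here)
            if found:
                return found
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            found = _find_rejected(item, f"{path}[{i}]")
            if found:
                return found
    return None


def validate_crawl_request(body: dict) -> dict:
    """Return a cleaned body containing only allowed, clamped fields, or raise RequestRejected."""
    # Nested objects (browser_config, crawler_config, llm, ...) are searched too, so a
    # rejected key cannot be smuggled one level down. Hooks are checked separately.
    rejected = _find_rejected({k: v for k, v in body.items() if k != "hooks"})
    if rejected:
        raise RequestRejected(f"field not accepted over the network: {rejected}")

    urls = body.get("urls")
    if not isinstance(urls, list) or not all(isinstance(u, str) for u in urls):
        raise RequestRejected("urls must be a list of strings")

    options = body.get("options", {})
    if not isinstance(options, dict):
        raise RequestRejected("options must be an object")
    clean_options = {}
    for key, value in options.items():
        spec = ALLOWED_OPTIONS.get(key)
        if spec is None:
            continue  # unknown fields are dropped silently
        typ, lo, hi = spec
        if isinstance(value, bool) or not isinstance(value, typ):
            raise RequestRejected(f"options.{key} must be {typ.__name__}")
        clean_options[key] = max(lo, min(hi, value))  # clamp into the configured range

    hooks_in = body.get("hooks", [])
    if not isinstance(hooks_in, list):
        raise RequestRejected("hooks must be a list of declarative actions")
    hooks = []
    for hook in hooks_in:
        if not isinstance(hook, dict) or hook.get("action") not in ALLOWED_HOOK_ACTIONS:
            raise RequestRejected(f"unknown hook action: {hook!r}")
        hooks.append(hook)

    return {"urls": urls, "options": clean_options, "hooks": hooks}


def demo() -> dict:
    """Run constructed request bodies through the validator and collect the outcomes."""
    results = {}
    accepted = validate_crawl_request({
        "urls": ["https://example.com/"],
        "options": {"page_timeout": 999_999, "scroll_count": 3, "colour": "blue"},
        "hooks": [{"action": "set_headers", "headers": {"Accept-Language": "en"}}],
    })
    results["clamped_timeout"] = accepted["options"]["page_timeout"]
    results["unknown_dropped"] = "colour" not in accepted["options"]
    rejected_bodies = {  # constructed samples, one per rejection path
        "extra_args": {"urls": ["https://example.com/"],
                       "browser_config": {"extra_args": ["--constructed-flag"]}},
        "nested_llm": {"urls": ["https://example.com/"],
                       "llm": {"provider": "constructed", "base_url": "http://example.invalid"}},
        "hook_code": {"urls": ["https://example.com/"], "hooks": [{"code": "print(1)"}]},
    }
    for label, body in rejected_bodies.items():
        try:
            validate_crawl_request(body)
            results[label] = "accepted"
        except RequestRejected as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

Returning the dotted path of the offending field in the error lets an operator see at once which client still sends a retired option, which is the migration work the changelog asks self-hosters to do.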

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 14, 2026
@dependabot dependabot Bot requested a review from Sam-Aitech as a code owner June 14, 2026 03:13
@socket-security socket-security Bot commented Jun 14, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | pypi/crawl4ai@0.8.6 ⏵ 0.9.0 | 79 (+3) | 100 (+75) | 100 | 100 | 100 |


@github-actions


Dependency audit failed

audit-ci detected high/critical vulnerabilities.

Failing CVEs / advisories

@Sam-Aitech Sam-Aitech (Owner)

@dependabot rebase

@dependabot dependabot Bot changed the title from "chore(deps): bump crawl4ai from 0.8.6 to 0.8.9" to "chore(deps): bump crawl4ai from 0.8.6 to 0.9.0" Jun 19, 2026
Bumps [crawl4ai](https://github.com/unclecode/crawl4ai) from 0.8.6 to 0.9.0.
- [Release notes](https://github.com/unclecode/crawl4ai/releases)
- [Changelog](https://github.com/unclecode/crawl4ai/blob/main/CHANGELOG.md)
- [Commits](unclecode/crawl4ai@v0.8.6...v0.9.0)

---
updated-dependencies:
- dependency-name: crawl4ai
  dependency-version: 0.8.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/crawl4ai-0.8.9 branch from 8608ec1 to df26b24 June 19, 2026 03:47
@Sam-Aitech Sam-Aitech merged commit 26b55ad into main Jun 19, 2026
13 checks passed
@Sam-Aitech Sam-Aitech deleted the dependabot/uv/crawl4ai-0.8.9 branch June 19, 2026 03:55

