This update brings numerous security bug fixes, and it is recommended for all users to install.

Bug Fixes

• Added additional checks when creating/deleting history records (@GaiZhenbiao)
• Added extra checks when loading prompt templates (@GaiZhenbiao)
• Triggered exceptions if the python multipart boundary is too long to address server crashes with overly long boundaries (@GaiZhenbiao)
• Added additional checks when deleting history records (@GaiZhenbiao)
• Introduced a timeout mechanism when searching history records using regex to prevent ReDoS issues (@GaiZhenbiao)
• Added additional checks when refreshing history records (@GaiZhenbiao)
• Implemented additional sanitization when uploading history records to resolve potential XSS issues. Furthermore, the method of saving history records has been modified to exclude HTML tags (@GaiZhenbiao)
• Added checks for username validity when loading history record files (@GaiZhenbiao)
• Resolved the LFI issue when uploading history file (@GaiZhenbiao)
• Fixed the issue that any user can restart the service. Added admin_list parameter in the config. (@GaiZhenbiao)
• Resolved an issue where users could access other users' histories (@GaiZhenbiao, @Keldos-Li)

Miscellaneous

• Changed the log level of non-existent history records to debug (@GaiZhenbiao)

KNOWN ISSUES

• LaTeX rendering is disabled due to an issue in Gradio
  LaTeX rendering is disabled due to an issue in Gradio

Full Changelog: https://github.com/GaiZhenbiao/ChuanhuChatGPT/compare/20240914...20240918