Security policy is updated.

* Allows the download of models that belong to the whitelist even at the 'normal' security level
ltdrdata · Jul 23, 2024 · 0b3edc3 · 0b3edc3
1 parent 35f077c
commit 0b3edc3
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -5,6 +5,7 @@
 ![menu](misc/menu.jpg)
 
 ## NOTICE
+* V2.48.1: Security policy has been changed. Downloads of models in the list are allowed under the 'normal' security level.
 * V2.47: Security policy has been changed. The former 'normal' is now 'normal-', and 'normal' no longer allows high-risk features, even if your ComfyUI is local.
 * V2.37 Show a ✅ mark to accounts that have been active on GitHub for more than six months.
 * V2.33 Security policy is applied.

diff --git a/glob/manager_core.py b/glob/manager_core.py
@@ -23,7 +23,7 @@
 import cm_global
 from manager_util import *
 
-version = [2, 48]
+version = [2, 48, 1]
 version_str = f"V{version[0]}.{version[1]}" + (f'.{version[2]}' if len(version) > 2 else '')
 
 

diff --git a/glob/manager_server.py b/glob/manager_server.py
@@ -990,8 +990,17 @@ async def install_model(request):
         return web.Response(status=403)
 
     if not json_data['filename'].endswith('.safetensors') and not is_allowed_security_level('high'):
-        print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
-        return web.Response(status=403)
+        models_json = await core.get_data_by_mode('cache', 'model-list.json')
+
+        is_belongs_to_whitelist = False
+        for x in models_json['models']:
+            if x.get('url') == json_data['url']:
+                is_belongs_to_whitelist = True
+                break
+
+        if not is_belongs_to_whitelist:
+            print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
+            return web.Response(status=403)
 
     res = False
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [project]
 name = "comfyui-manager"
 description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
-version = "2.48"
+version = "2.48.1"
 license = "LICENSE"
 dependencies = ["GitPython", "PyGithub", "matrix-client==0.4.0", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions"]