Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted "file://" URIs enabling local file system access when "enable_local_fetch=True" - Path resolution allowed traversal outside intended directories via "../" sequences and absolute paths - Did not block internal network resources under "enable_remote_fetch=True" - HTTP redirects were not validated, potentially redirecting to unintended schemes - No resource limits for remote image downloads and "data:" URIs Patches Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement: - Updated local path treatment: absolute files always blocked, relative paths require "enable_local_fetch=True" (default: False) and containment within configured "base_path" for path traversal protection - "file://" scheme stripped & treated as local path (above) - IP address validation to prevent SSRF - HTTP redirect validation, connection and read timeouts - Size limit for both remote images (with streaming download) and base64-decoded data URIs Workarounds Keep both "enable_local_fetch=False" and "enable_remote_fetch=False" (defaults) when processing untrusted HTML documents. References - Initial fixes: "v2.91.0" (https://github.com/docling-project/docling/releases/tag/v2.91.0) - Additional improvements: "v2.94.0" (https://github.com/docling-project/docling/releases/tag/v2.94.0)