update version 6.10.4

ildyria · ildyria · commit e16a18b6f32d · 2025-12-12T13:04:38.000+01:00
diff --git a/docs/releases.md b/docs/releases.md
@@ -30,6 +30,25 @@
 
 ## Version 6
 
+### v6.10.4
+
+Released on Dec 11th, 2025
+
+#### Minor Reflected SSRF fix
+
+We have been reported (CVE incomming) that a minor SSRF vulnerability was still present in Lychee.
+The patch from v6.6.13 did not fully mitigate the issue as an edge cases as not considered.
+The validation is done on the first URL, however if the URL is redirected, the redirection target was not validated against local network etc.
+
+A big thanks to TableBasse, midfirewear, and petouha for reporting this vulnerability to us.
+
+#### Most notable changes
+
+* Mitigate small SSRF by @ildyria in https://github.com/LycheeOrg/Lychee/pull/3861
+
+
+**Full Changelog**: https://github.com/LycheeOrg/Lychee/compare/v6.10.3...v6.10.4
+
 ### v6.10.3
 
 Released on Dec 4th, 2025
diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro
@@ -10,11 +10,11 @@
     >NEW</span
   >
   <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.3"
-    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.10.3 is now available! »</a
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.4"
+    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.10.4 is now available! »</a
   >
   <!-- <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.3"
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.4"
     class="text-slate-200 hover:underline dark:text-slate-200 font-medium"><span class="text-red-500 font-bold">CVSS 7.5 in Lychee [6.6.6 to 6.6.9], update as soon as possible!</span> Lychee v6.9.1 is now available! »</a
   > -->
   <a
