Security policy changed.

'normal' is changed to 'normal-' and 'normal-' doesn't allow high-security features even if ComfyUI is running with local hosting.
ltdrdata · Jul 21, 2024 · 50b9844 · 50b9844 · ltdrdata · Jul 21, 2024
1 parent a580a5a
commit 50b9844
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -5,6 +5,7 @@
 ![menu](misc/menu.jpg)
 
 ## NOTICE
+* V2.47: Security policy has been changed. The former 'normal' is now 'normal-', and 'normal' no longer allows high-risk features, even if your ComfyUI is local.
 * V2.37 Show a ✅ mark to accounts that have been active on GitHub for more than six months.
 * V2.33 Security policy is applied.
 * V2.21 [cm-cli](docs/en/cm-cli.md) tool is added.
@@ -350,6 +351,9 @@ When you run the `scan.sh` script:
     * `strong`
       * doesn't allow `high` and `middle` level risky feature
     * `normal`
+      * doesn't allow `high` level risky feature
+      * `middle` level risky feature is available
+    * `normal-`
       * doesn't allow `high` level risky feature if `--listen` is specified and not starts with `127.`
       * `middle` level risky feature is available
     * `weak`

diff --git a/glob/manager_core.py b/glob/manager_core.py
@@ -23,7 +23,7 @@
 import cm_global
 from manager_util import *
 
-version = [2, 46, 5]
+version = [2, 47]
 version_str = f"V{version[0]}.{version[1]}" + (f'.{version[2]}' if len(version) > 2 else '')
 
 

diff --git a/glob/manager_server.py b/glob/manager_server.py
@@ -48,11 +48,11 @@ def handle_stream(stream, prefix):
 def is_allowed_security_level(level):
     if level == 'high':
         if is_local_mode:
-            return core.get_config()['security_level'].lower() in ['weak', 'normal']
+            return core.get_config()['security_level'].lower() in ['weak', 'normal-']
         else:
             return core.get_config()['security_level'].lower() == 'weak'
     elif level == 'middle':
-        return core.get_config()['security_level'].lower() in ['weak', 'normal']
+        return core.get_config()['security_level'].lower() in ['weak', 'normal', 'normal-']
     else:
         return True
 
@@ -858,7 +858,7 @@ async def fix_custom_node(request):
 @PromptServer.instance.routes.post("/customnode/install/git_url")
 async def install_custom_node_git_url(request):
     if not is_allowed_security_level('high'):
-        print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+        print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
         return web.Response(status=403)
 
     url = await request.text()
@@ -874,7 +874,7 @@ async def install_custom_node_git_url(request):
 @PromptServer.instance.routes.post("/customnode/install/pip")
 async def install_custom_node_git_url(request):
     if not is_allowed_security_level('high'):
-        print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+        print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
         return web.Response(status=403)
 
     packages = await request.text()
@@ -990,7 +990,7 @@ async def install_model(request):
         return web.Response(status=403)
 
     if not json_data['filename'].endswith('.safetensors') and not is_allowed_security_level('high'):
-        print(f"ERROR: To use this feature, you must set '--listen' to a local IP and set the security level to 'middle' or 'weak'. Please contact the administrator.")
+        print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
         return web.Response(status=403)
 
     res = False
@@ -1040,7 +1040,7 @@ def write_stdout(self, msg):
 @PromptServer.instance.routes.get("/manager/terminal")
 async def terminal_mode(request):
     if not is_allowed_security_level('high'):
-        print(f"ERROR: To use this action, a security_level of `weak` is required. Please contact the administrator.")
+        print(f"ERROR: To use this feature, you must either set '--listen' to a local IP and set the security level to 'normal-' or lower, or set the security level to 'middle' or 'weak'. Please contact the administrator.")
         return web.Response(status=403)
 
     if "mode" in request.rel_url.query:

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [project]
 name = "comfyui-manager"
 description = "ComfyUI-Manager provides features to install and manage custom nodes for ComfyUI, as well as various functionalities to assist with ComfyUI."
-version = "2.46.5"
+version = "2.47"
 license = "LICENSE"
 dependencies = ["GitPython", "PyGithub", "matrix-client==0.4.0", "transformers", "huggingface-hub>0.20", "typer", "rich", "typing-extensions"]