| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| runtipi-cli-linux-aarch64.tar.gz | 2026-01-29 | 2.2 MB | |
| runtipi-cli-linux-x86_64.tar.gz | 2026-01-29 | 2.5 MB | |
| README.md | 2026-01-29 | 1.4 kB | |
| v4.7.2 source code.tar.gz | 2026-01-29 | 2.2 MB | |
| v4.7.2 source code.zip | 2026-01-29 | 2.5 MB | |
| Totals: 5 Items | | 9.4 MB | 2 |
Release notes
This release addresses a critical security vulnerability involving unauthenticated path traversal and potential Remote Code Execution (RCE). We strongly recommend all users update their installations immediately.
A vulnerability was identified where the user config controller lacked proper authentication and input sanitization. This allowed an unauthenticated remote attacker to perform a path traversal attack using the :urn parameter.
By sending a specially crafted request, an attacker could bypass the intended directory restrictions and overwrite the main docker-compose.yml file. If the system was subsequently restarted by an operator without using the CLI, the malicious configuration could execute arbitrary code.
Related security advisory: https://github.com/runtipi/runtipi/security/advisories/GHSA-mwg8-x997-cqw6
Huge thank you to @KKC73 for reporting these vulnerabilities responsibly and making the runtipi community safer.
Changes
All code paths that used user-provided values have been hardened so that the input is properly sanitized.
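To show what such hardening looks like for a route parameter like :urn, here is an added example (not runtipi's own code) that contrasts an unsafe path join with a resolver that allowlists the identifier and then verifies the resolved path stays inside the config directory. The directory layout, the identifier format and the function names are assumptions made for this example.

```typescript
import * as path from "node:path";

// Assumed layout for this example (not runtipi's actual one): per-app user
// config lives in <USER_CONFIG_DIR>/<urn>, and files outside that directory,
// such as the main docker-compose.yml, must never be reachable from :urn.
export const USER_CONFIG_DIR = path.resolve("/runtipi/user-config");

// Allowlist for the :urn route parameter (format is an assumption): lowercase
// letters, digits, "-" and "_", so separators and ".." never get through.
const URN_PATTERN = /^[a-z0-9][a-z0-9_-]{0,63}$/;

// Vulnerable pattern, shown only for contrast: the raw parameter is joined into
// the path, so a ".." segment climbs out of the base directory.
export function unsafeUserConfigDir(urn: string, baseDir: string = USER_CONFIG_DIR): string {
  return path.join(baseDir, urn);
}

// True when `candidate` lies strictly inside `baseDir` after normalization.
// Comparing the relative path avoids prefix tricks such as "/runtipi/user-config2".
export function isInside(baseDir: string, candidate: string): boolean {
  const rel = path.relative(path.resolve(baseDir), path.resolve(candidate));
  if (rel === "" || path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// Hardened resolver: reject anything outside the allowlist first, then verify
// containment as a second, independent layer. Returns null on any violation so
// the caller can answer with 400/404 instead of touching the filesystem.
export function resolveUserConfigDir(urn: string, baseDir: string = USER_CONFIG_DIR): string | null {
  if (typeof urn !== "string" || !URN_PATTERN.test(urn)) return null;
  const candidate = path.resolve(baseDir, urn);
  return isInside(baseDir, candidate) ? candidate : null;
}
```

Authentication on the controller is a separate control and still required; the resolver only guarantees that whatever reaches the filesystem cannot leave the config directory.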
How to update
From the root folder of your runtipi install, run:
./runtipi-cli update v4.7.2
If you are coming from version 3 or lower, please follow the migration guide.
Please report any issue you encounter so we can fix it in a timely manner.