Conversation

@ildyria ildyria commented Dec 12, 2025

Summary by CodeRabbit

  • Bug Fixes

    • Fixed a Minor Reflected SSRF issue addressing an uncovered edge case.
  • New Features

    • Added an expert configuration option to disable redirects when importing from a URL.
  • Documentation

    • Added v6.10.4 release notes (Dec 11, 2025), updated announcement links and full changelog link.
  • Acknowledgements

    • Reporters of the issue have been credited.

coderabbitai bot commented Dec 12, 2025

📝 Walkthrough

Adds a v6.10.4 release entry to the changelog describing a Minor Reflected SSRF fix and updates the announcement widget to reference v6.10.4.

Changes

Cohort / File(s): Release Documentation
  docs/releases.md
  Summary: Added v6.10.4 release entry dated Dec 11, 2025, documenting a "Minor Reflected SSRF fix", an expert-config note about disabling redirects when importing from a URL, credits to reporters, a "Most notable changes" item, and a full changelog link.

Cohort / File(s): Announcement Component
  src/components/widgets/Announcement.astro
  Summary: Bumped visible and commented version references from v6.10.3 to v6.10.4 (updated href URLs and display text).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Small, localized textual changes across two files.
  • Pay attention to the exact wording and links in docs/releases.md and the href/display text consistency in Announcement.astro.

Poem

🐇 A little rabbit hops with glee,
v6.10.4 now on the tree,
SSRF edges tucked away,
Notes and banner updated today,
Hooray for tiny fixes — whee! ✨

Pre-merge checks

✅ Passed checks (1 passed)
Check name: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
src/components/widgets/Announcement.astro (1)

12-15: Release link update looks correct; consider consistent external-link behavior.
The updated tag URL and text match v6.10.4. If you intend external GitHub links to open in a new tab (like the stars badge link does), consider adding target="_blank" + rel="noopener" here too for consistency.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3cd684d and e16a18b.

📒 Files selected for processing (2)
  • docs/releases.md (1 hunks)
  • src/components/widgets/Announcement.astro (1 hunks)


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
docs/releases.md (1)

39-41: Minor grammar refinements needed for release note clarity (user-facing documentation).

The security section has improved since the previous review, but two small issues remain:

  1. Line 39: "We have been reported" is passive and awkward. Consider: "We were notified" or "A vulnerability was reported to us."

  2. Line 41: "...against local network etc." is informal for a security advisory. Consider: "...against local networks and similar targets" or expand the thought to be more explicit about what "etc." covers.

These are minor polish issues for a user-facing release document where clarity is important.

-We have been reported (CVE incoming) that a minor SSRF vulnerability was still present in Lychee.
+We were notified (CVE incoming) that a minor SSRF vulnerability was still present in Lychee.
-Validation is done on the initial URL; however, if the URL is redirected, the redirection target was not validated against local network etc.
+Validation is done on the initial URL; however, if the URL is redirected, the redirection target was not validated against local networks and similar internal resources.
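
Review bot: the suggested replacement sentence describes the gap (the redirect target was not validated) but says nothing about what operators can do about it; the PR summary lists a new expert configuration option to disable redirects when importing from a URL, so the release note should mention that option right after this sentence, e.g. "Users who do not need redirects can disable them in the expert configuration."
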
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e16a18b and 676329f.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • docs/releases.md (1 hunks)
🔇 Additional comments (1)
docs/releases.md (1)

33-53: Release entry is well-structured and addresses previous review feedback.

The v6.10.4 security note has incorporated most corrections from the prior review:

  • ✓ Fixed "incomming" → "incoming"
  • ✓ Fixed "as an edge cases as not considered" → "because an edge case had not been considered"
  • ✓ Improved clarity of the validation sentence

The section now reads much more clearly than the previous iteration. The format, headers, and changelog link are all correct.
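
The edge case the release note describes, an initial URL that passes validation and then redirects to an internal address, is the usual way SSRF filters get bypassed. The example below is added here and is not Lychee's code; it shows a URL importer that re-validates every redirect hop against a public-address policy and, like the expert option the PR adds, can refuse redirects outright. The hostname table (`FAKE_DNS`), the transport (`simulated_send`), and names such as `images.example.com`, `metadata.internal`, `validate_url` and `check_import` are constructed for the example so it runs offline; a real importer would resolve via DNS and check every returned address.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

# Constructed hostname table standing in for DNS so the example runs offline.
FAKE_DNS: Dict[str, List[str]] = {
    "images.example.com": ["1.2.3.4"],             # placeholder public address
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],      # link-local, metadata-service style
    "intranet.example": ["10.0.0.5", "1.2.3.5"],   # mixed answers: one is private
}

Resolver = Callable[[str], List[str]]


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 hides a v4 loopback
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def validate_url(url: str, resolve: Resolver = fake_resolve) -> Tuple[bool, str]:
    """Reject non-http(s) schemes and any host that maps to a non-public address."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        return False, f"cannot resolve {host}"
    for addr in addresses:  # every answer must be public, not just the first
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


Response = Tuple[int, Dict[str, str], bytes]
Transport = Callable[[str], Response]
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def fetch_validated(url: str, send: Transport, *, allow_redirects: bool = True,
                    max_redirects: int = 5, resolve: Resolver = fake_resolve) -> Tuple[bytes, List[str]]:
    """Fetch url, validating the initial URL AND every redirect target before following it.

    Returns (body, hops). Raises ValueError as soon as any hop is blocked.
    """
    hops: List[str] = []
    current = url
    for _ in range(max_redirects + 1):
        ok, reason = validate_url(current, resolve)
        if not ok:
            raise ValueError(f"blocked {current}: {reason}")
        hops.append(current)
        status, headers, body = send(current)
        location = headers.get("Location")  # real clients must match header names case-insensitively
        if status in REDIRECT_STATUSES and location:
            if not allow_redirects:
                raise ValueError(f"blocked {current}: redirects disabled")
            current = urljoin(current, location)  # relative Location values resolve against the hop
            continue
        return body, hops
    raise ValueError(f"blocked {url}: more than {max_redirects} redirects")


def check_import(url: str, send: Transport, **options) -> Tuple[str, str]:
    """Convenience wrapper: ('allowed', hop chain) or ('blocked', reason)."""
    try:
        _body, hops = fetch_validated(url, send, **options)
        return "allowed", " -> ".join(hops)
    except ValueError as exc:
        return "blocked", str(exc)


# Constructed responses standing in for a real HTTP client.
SIMULATED_RESPONSES: Dict[str, Response] = {
    "https://images.example.com/direct.jpg": (200, {}, b"\xff\xd8 jpeg bytes"),
    "https://images.example.com/hop.jpg": (301, {"Location": "/direct.jpg"}, b""),
    "https://images.example.com/photo.jpg": (302, {"Location": "http://metadata.internal/latest/"}, b""),
    "https://images.example.com/loop.jpg": (302, {"Location": "/loop.jpg"}, b""),
}


def simulated_send(url: str) -> Response:
    return SIMULATED_RESPONSES.get(url, (404, {}, b"not found"))


if __name__ == "__main__":
    for u in ("https://images.example.com/direct.jpg", "https://images.example.com/hop.jpg",
              "https://images.example.com/photo.jpg", "http://localhost/admin"):
        print(u, "->", check_import(u, simulated_send))
    print("hop.jpg, redirects disabled ->",
          check_import("https://images.example.com/hop.jpg", simulated_send, allow_redirects=False))
```

The `photo.jpg` case is the reported edge case: the first URL is clean, the 302 points at a link-local address, and a client that only validates the initial URL would follow it. Re-running the same check on each hop blocks it, and `allow_redirects=False` is the blunt alternative the expert option offers. Note that resolving a hostname at validation time and again at connect time leaves a DNS-rebinding window; pinning the validated address for the actual connection closes it, which this offline example does not show.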

@ildyria ildyria merged commit b311337 into master Dec 12, 2025
2 checks passed
@ildyria ildyria deleted the version-6.10.4 branch December 12, 2025 12:18