In this one we added an option to disable URL uploads, which is now disabled by default.
^^^ With this, your server IP won't be longer exposed to be sniffed by attackers using the remote upload functionality. You can enable it if you will use it private in your own safe context.
In this one we also fixed the asset storage configuration for remote storage, we tested it storing avatars and whatnot using B2 storage. With this now fixed you can migrate to external storage for website assets and stop using your local disk for that purpose.