v2025.12.0

Full Changelog: v2025.3.2...v2025.12.0

[v2025.12.0] - 2025-12-13

Security

• Fixed CVE-2023-6730 by upgrading the vulnerable dependency. Deserialization of Untrusted Data in huggingface/transformers.
• Fixed CVE-2025-27516 by upgrading the vulnerable dependency. Jinja2 vulnerable to sandbox breakout through attr filter selecting format method.
• Fixed CVE-2025-66034 by upgrading the vulnerable dependency. fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib.
• Fixed CVE-2025-3730 by upgrading the vulnerable dependency. PyTorch Improper Resource Shutdown or Release vulnerability.
• Fixed CVE-2025-2953 by upgrading the vulnerable dependency. PyTorch susceptible to local Denial of Service.
• Fixed CVE-2024-11393 by upgrading the vulnerable dependency. Deserialization of Untrusted Data in Hugging Face Transformers.
• Fixed CVE-2024-11392 by upgrading the vulnerable dependency. Deserialization of Untrusted Data in Hugging Face Transformers.
• Fixed CVE-2024-3568 by upgrading the vulnerable dependency. Transformers Deserialization of Untrusted Data vulnerability.
• Fixed CVE-2024-11394 by upgrading the vulnerable dependency. Deserialization of Untrusted Data in Hugging Face Transformers.
• Fixed CVE-2023-6730 by upgrading the vulnerable dependency. transformers has a Deserialization of Untrusted Data vulnerability.
• Fixed CVE-2023-7018 by upgrading the vulnerable dependency. transformers has a Deserialization of Untrusted Data vulnerability.
• Fixed CVE-2025-5197 by upgrading the vulnerable dependency. Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability.
• Fixed CVE-2024-12720 by upgrading the vulnerable dependency. Transformers Regular Expression Denial of Service (ReDoS) vulnerability.
• Fixed CVE-2025-66418 by upgrading the vulnerable dependency. urllib3 Allocation of Resources Without Limits or Throttling.
• Fixed CVE-2025-66471 by upgrading the vulnerable dependency. urllib3 Improper Handling of Highly Compressed Data (Data Amplification).

Added

• Added support for LoRA.
• Added generation information in title.
• Added megapixel resolution display in image size toolbar.
• Added support for loading models by dropping safetensors files.
• Added auto‑find model feature that automatically searches for and loads the correct model when loading images with embedded metadata.
• Added system memory monitoring to status bar with real‑time usage display.
• Added GPU memory usage monitoring to status bar with color‑coded warnings and detailed tooltips.
• Added traceback logging for worker errors.
• Added .python-version file.
• Added new directories to .gitignore.
• Added splitting‑prompt support via the BREAK keyword.
• Added tooltip to model-path button showing the full path to the currently loaded model.
• Added trivy as security scanner.

Changed

• Image changing is now smooth.
• After pressing Generate, focus moves to the positive prompt editor.
• Enhanced prompt processing to support longer and more complex prompts without automatic truncation.
• Improved handling of advanced prompt syntax.
• Improved reliability when using weighted prompts and complex prompt structures.
• Disabled progress bar for SDXL pipeline.
• Increased weight spinboxes range to –5…5 for LoRAs.
• Updated dependencies and build system.
• Fully reimplemented generation process.

Fixed

• Fixed rich‑text paste handling in prompt editors (formatting is now stripped on paste).
• Fixed CUDA cache leak where model data persisted after changing the model.
• Fixed potential file overwrite during automatic image saving.
• Fixed prompt‑processing issues with advanced syntax and improved reliability of prompt‑weighting features.
• Fixed image size threshold handling for latent images.
• Fixed worker error logging to include traceback information.
• Fixed several prompt‑highlighting bugs.
• Fixed metadata loading/saving for JPEG/XMP files.
• Fixed CUDA memory leak.
• Now empty model path not set.