Gradio 6.15.1 patches SSRF vulnerability, improves SSR and dataframes
Critical security fix and performance enhancements in latest Gradio release
Gradio App has released version 6.15.1 of its popular open-source library for building machine learning demos. The patch addresses a server-side request forgery (SSRF) vulnerability (GHSA-jmh7-g254-2cq9) in the `Blocks.from_config()` proxy URL handling. SSRF attacks can allow malicious users to make requests from the server to internal systems, potentially exposing sensitive data. The fix, contributed by xr843, adds regression coverage to guard against this vector. Gradio users who expose custom interfaces via `from_config()` should update immediately to protect their infrastructure.
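For operators who want a defense-in-depth check on configs before they are loaded, the sketch below audits every `proxy_url` value against an allow-list and rejects non-public IP literals. It is an added example, not Gradio's patch or API: the function names, `ALLOWED_HOSTS`, and the sample config layout are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts this deployment agrees to proxy to (constructed value).
ALLOWED_HOSTS = {"demos.example.org"}

def check_proxy_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return None if the URL is acceptable, else a short rejection reason."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https"):
        return "scheme is not http(s)"
    if not host:
        return "missing host"
    if parts.username is not None or parts.password is not None:
        return "userinfo in URL"  # e.g. trusted-name@other-host confusion
    try:
        if not ipaddress.ip_address(host).is_global:
            return "non-public IP address"
    except ValueError:
        pass  # not an IP literal; names are judged by the allow-list (no DNS)
    return None if host in allowed_hosts else "host not on allow-list"

def iter_proxy_urls(node, path="$"):
    """Yield (path, value) for every string-valued "proxy_url" key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "proxy_url" and isinstance(value, str):
                yield f"{path}.{key}", value
            else:
                yield from iter_proxy_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_proxy_urls(value, f"{path}[{i}]")

def audit_config(config, allowed_hosts=ALLOWED_HOSTS):
    """Return [(path, url, reason)] for each proxy_url that fails the check."""
    return [(p, u, r) for p, u in iter_proxy_urls(config)
            if (r := check_proxy_url(u, allowed_hosts))]

# Constructed sample; the nesting is an assumed shape, not Gradio's schema.
SAMPLE_CONFIG = {"components": [
    {"id": 1, "props": {"proxy_url": "https://demos.example.org/app/"}},
    {"id": 2, "props": {"proxy_url": "http://127.0.0.1:7860/"}},
    {"id": 3, "props": {"proxy_url": "https://demos.example.org@10.0.0.5/"}},
]}
```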
Beyond the security fix, version 6.15.1 brings several quality-of-life improvements. Audio cache keys now include metadata, preventing stale or mismatched cached results. The DataFrame component now correctly handles empty and single-dimensional auto-datatype values, reducing edge-case crashes in data-heavy apps. In server-side rendering (SSR) mode, the Node front proxy startup is deferred until Python is fully ready, eliminating race conditions that could cause interface load failures. Contributors pngwn, danyalahmed1995, and two others worked on these updates. With 42.7k GitHub stars and 3.5k forks, Gradio remains a cornerstone for rapid AI prototyping—this release keeps it reliable and secure.
- Fixes SSRF vulnerability (GHSA-jmh7-g254-2cq9) in `Blocks.from_config()` `proxy_url` handling
- Defers Node front proxy startup in SSR mode until Python is fully ready
- Resolves audio cache key issue and DataFrame handling of empty/1D values
Why It Matters
Essential security patch and UX improvements for the leading ML demo framework.