The fix (commit a6bf758de0b3242b0c0e4b47a588aae0c94305b0) for CVE-2023-4651 is incomplete: only IP-based URLs are blocked.
Clone the latest repo and install.
On the server, listen on port 1234 on localhost.
Use http://localhost:1234/ as the URL for the image upload.
Observe a hit on port 1234.
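
Why a filter that only inspects IP literals lets `http://localhost:1234/` through, next to a check that resolves the host first. This is an added example, not the project's code: all function names are hypothetical, `literal_only_check` only models the behaviour described above, and the resolver data is constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def literal_only_check(url):
    """Incomplete check: rejects only hosts written as internal IP literals."""
    host = urlsplit(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # a hostname such as "localhost" is never inspected


def system_resolver(host):
    """Return every address the system resolver gives for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def resolved_check(url, resolve=system_resolver):
    """Allow a URL only if every address its host resolves to is public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addresses = resolve(parts.hostname)
    except OSError:
        return False  # unresolvable host: fail closed
    return bool(addresses) and all(
        ipaddress.ip_address(a.split("%")[0]).is_global for a in addresses
    )


# Constructed resolver data (assumption) so the example needs no network.
SAMPLE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "internal.example": ["10.0.0.5"],
    "cdn.example": ["93.184.216.34"],
}


def sample_resolver(host):
    """Stand-in resolver: IP literals map to themselves, names use SAMPLE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        if host not in SAMPLE_DNS:
            raise OSError("unknown host") from None
        return SAMPLE_DNS[host]
```

A check like `resolved_check` only holds if the fetch then connects to the address that was validated and applies the same check to every redirect target; otherwise the name can resolve differently between check and request.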