diff --git a/trunk/doc/CHANGELOG.md b/trunk/doc/CHANGELOG.md
index 721ee3ed1..b17b245de 100644
--- a/trunk/doc/CHANGELOG.md
+++ b/trunk/doc/CHANGELOG.md
@@ -7,6 +7,7 @@ The changelog for SRS.
 <a name="v7-changes"></a>
 
 ## SRS 7.0 Changelog
+* v7.0, 2025-10-27, HLS/DASH: Fix dispose to skip unpublish when not enabled, and add forbidden directory protection to SrsPath::unlink. v7.0.111
 * v7.0, 2025-10-27, AI: HTTP-FLV: Enforce minimum 10ms sleep to prevent CPU busy-wait when mw_latency=0. v7.0.110 (#3963)
 * v7.0, 2025-10-26, AI: Edge: Fix stream names with dots being incorrectly truncated in source URL generation. v7.0.109 (#4011)
 * v7.0, 2025-10-26, AI: HTTPS: Handle SSL_ERROR_ZERO_RETURN as graceful connection closure. v7.0.108 (#4036)
diff --git a/trunk/src/app/srs_app_dash.cpp b/trunk/src/app/srs_app_dash.cpp
index 824acfa33..0e04e314d 100644
--- a/trunk/src/app/srs_app_dash.cpp
+++ b/trunk/src/app/srs_app_dash.cpp
@@ -878,10 +878,14 @@ SrsDash::~SrsDash()
 
 void SrsDash::dispose()
 {
-    if (enabled_) {
-        on_unpublish();
+    // We disabled the reload, so DASH will not be enabled by reloading. 
+    // As a result, if DASH is disabled, we don't need to dispose.
+    if (!enabled_) {
+        return;
     }
 
+    on_unpublish();
+
     // Ignore when dash_dispose disabled.
     srs_utime_t dash_dispose = config_->get_dash_dispose(req_->vhost_);
     if (!dash_dispose) {
diff --git a/trunk/src/app/srs_app_hls.cpp b/trunk/src/app/srs_app_hls.cpp
index c8f0e19f6..0c8fef9cc 100644
--- a/trunk/src/app/srs_app_hls.cpp
+++ b/trunk/src/app/srs_app_hls.cpp
@@ -2549,10 +2549,14 @@ srs_error_t SrsHls::do_reload(int *reloading, int *reloaded, int *refreshed)
 
 void SrsHls::dispose()
 {
-    if (enabled_) {
-        on_unpublish();
+    // We disabled the reload, so HLS will not be enabled by reloading. 
+    // As a result, if HLS is disabled, we don't need to dispose.
+    if (!enabled_) {
+        return;
     }
 
+    on_unpublish();
+
     // Ignore when hls_dispose disabled.
     // @see https://github.com/ossrs/srs/issues/865
     srs_utime_t hls_dispose = config_->get_hls_dispose(req_->vhost_);
diff --git a/trunk/src/core/srs_core_version7.hpp b/trunk/src/core/srs_core_version7.hpp
index 585f8671d..66d4422ac 100644
--- a/trunk/src/core/srs_core_version7.hpp
+++ b/trunk/src/core/srs_core_version7.hpp
@@ -9,6 +9,6 @@
 
 #define VERSION_MAJOR 7
 #define VERSION_MINOR 0
-#define VERSION_REVISION 110
+#define VERSION_REVISION 111
 
 #endif
\ No newline at end of file
diff --git a/trunk/src/kernel/srs_kernel_utility.cpp b/trunk/src/kernel/srs_kernel_utility.cpp
index aa20d7a30..363fa2332 100644
--- a/trunk/src/kernel/srs_kernel_utility.cpp
+++ b/trunk/src/kernel/srs_kernel_utility.cpp
@@ -539,6 +539,40 @@ bool SrsPath::exists(std::string path)
 
 srs_error_t SrsPath::unlink(std::string path)
 {
+    // Define the directories that are forbidden to delete.
+    std::string forbidden[] = {
+        "./",
+        "../",
+        "/",
+        "/bin",
+        "/boot",
+        "/dev",
+        "/etc",
+        "/home",
+        "/lib",
+        "/lib32",
+        "/lib64",
+        "/libx32",
+        "/lost+found",
+        "/media",
+        "/mnt",
+        "/opt",
+        "/proc",
+        "/root",
+        "/run",
+        "/sbin",
+        "/srv",
+        "/sys",
+        "/tmp",
+        "/usr",
+        "/var",
+    };
+    for (int i = 0; i < sizeof(forbidden) / sizeof(forbidden[0]); i++) {
+        if (path == forbidden[i]) {
+            return srs_error_new(ERROR_SYSTEM_FILE_UNLINK, "unlink forbidden %s", path.c_str());
+        }
+    }
+
     if (::unlink(path.c_str()) < 0) {
         return srs_error_new(ERROR_SYSTEM_FILE_UNLINK, "unlink %s", path.c_str());
     }