Release 3.0.9
Security
- Escape path before evaluating resource rules (thanks @praetorian-colby-morgan). Prior to this, flask-cors incorrectly
evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for
"/api/*" whereas the path actually expands simply to "/foo.txt"