v4.1.7

@ifrederico ifrederico released this 09 May 03:20
· 6 commits to main since this release

Fixes

  • Validate decoded paths before directory listings to prevent encoded traversal paths.
  • Keep the default 127.0.0.1 / localhost bind local instead of exposing the server on all interfaces.
  • Use resolved path containment for served-file URL resolution instead of string prefix checks.
  • Trigger reloads when new watched files are created.
  • Fix live reload script injection so closing tags are preserved and the injected template does not add an extra </body>.
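The difference between a string prefix check and resolved path containment, applied to percent-encoded request paths, is shown below as an added example; it is not this project's code. The function names, directory names and sample URLs are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote, urlsplit


def prefix_check(root: str, url_path: str) -> bool:
    """Weak form: compares characters, so a sibling directory whose
    name merely starts with the root's name is accepted."""
    rel = unquote(url_path).lstrip("/")
    candidate = os.path.normpath(os.path.join(root, rel))
    return candidate.startswith(root)


def resolve_served_path(root: Path, url: str) -> Optional[Path]:
    """Decode first, resolve second, then test containment by path
    component against the resolved root. Returns None when rejected."""
    decoded = unquote(urlsplit(url).path)
    if "\x00" in decoded:
        return None
    root = root.resolve()
    candidate = (root / decoded.lstrip("/")).resolve()
    # is_relative_to (Python 3.9+) compares whole components
    return candidate if candidate.is_relative_to(root) else None


def demo() -> dict:
    """Run both checks over constructed URLs against a temporary tree.
    Each value is (prefix check accepts, containment check accepts)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "site"
        sibling = base / "site-private"  # shares the root's string prefix
        root.mkdir()
        sibling.mkdir()
        (root / "index.html").write_text("ok")
        (sibling / "notes.txt").write_text("private")
        urls = [
            "/index.html",
            "/%2e%2e/site-private/notes.txt",
            "/..%2fsite-private/notes.txt",
            "/%2e%2e/%2e%2e/",
        ]
        return {u: (prefix_check(str(root), u),
                    resolve_served_path(root, u) is not None) for u in urls}


if __name__ == "__main__":
    for url, result in demo().items():
        print(url, result)
```

The same containment function can guard directory listings as well as file responses, since both start from a decoded request path.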

Verification

  • python3 -B -m unittest tests.test_regressions
  • Syntax compile check for touched Python files