Browse files

Documented security fix in changelog

  • Loading branch information...
1 parent ed70b42 commit b92120b190e92288468d8617bc0e270dbf32ea71 @mitsuhiko mitsuhiko committed Dec 23, 2010
Showing with 3 additions and 0 deletions.
  1. +3 −0 CHANGES
@@ -40,6 +40,9 @@ Bugfix release, release date to be announced.
module setups.
- Fixed an issue where the subdomain setting for modules was
ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+ if the host server was a windows based operating system and the client
+ uses backslashes to escape the directory the files where exposed from.
Version 0.6

0 comments on commit b92120b

Please sign in to comment.