Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 16
1 files changed, 16 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 214413a41f..67932355c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+Sun May 18 22:26:51 2008 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * lib/webrick/httpservlet/filehandler.rb: should normalize path
+ name in path_info to prevent script disclosure vulnerability on
+ DOSISH filesystems. (fix: CVE-2008-1891)
+ Note: NTFS/FAT filesystem should not be published by the platforms
+ other than Windows. Pathname interpretation (including short
+ filename) is less than perfect.
+
+ * lib/webrick/httpservlet/abstract.rb
+ (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri):
+ should escape the value of Location: header.
+
+ * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter
+ command line arguments.
+
Sun May 18 02:54:46 2008 Yusuke Endoh <mame@tsg.ne.jp>
* pack.c (pack_pack): check errno to detect error of ruby_strtoul.
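Review bot: The class name in the abstract.rb entry is misspelled as "AbstracServlet"; it should read "WEBrick::HTTPServlet::AbstractServlet#redirect_to_directory_uri" so that a search of the ChangeLog for the method finds this entry. The same entry says the Location: header value "should escape" but not what kind of escaping is applied or what input reaches the header, which is worth one more clause given that it sits next to a CVE fix. The cgi_runner.rb entry is recorded under the same date block as the CVE-2008-1891 fix without saying whether it is part of the security change or an unrelated feature; stating that would help anyone backporting only the fix. The note on NTFS/FAT would also be more useful if "less than perfect" named the case that is not handled, since the only one mentioned is short filenames.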