Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +Mon Mar 3 23:28:37 2008 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + separators in path_info to prevent directory traversal + attacks on DOSISH platforms. + reported by Digital Security Research Group [DSECRG-08-026]. + + * lib/webrick/httpservlet/filehandler.rb: pathnames which have + not to be published should be checked case-insensitively. + Mon Mar 3 17:25:45 2008 Yukihiro Matsumoto <matz@ruby-lang.org> * gc.c (add_heap): sort heaps array in ascending order to use |
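Review bot: both new entries for lib/webrick/httpservlet/filehandler.rb omit the names of the methods that changed, unlike the neighbouring entry "gc.c (add_heap):", so a reader cannot tell from the log which code paths received the path-separator normalization and which the case-insensitive check; add the method names in parentheses after the file name. The second entry also leaves "pathnames which have not to be published" undefined: name the setting or pattern list it refers to, say whether the case-insensitive comparison applies on every platform or only on the DOSISH platforms the first entry mentions, and state whether it belongs to the same report [DSECRG-08-026] or is a separate hardening change.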