Changeset 32921 in project


Ignore:
Timestamp:
11/18/15 20:03:43 (5 years ago)
Author:
sjamaan
Message:

Summary: Spiffy: Add CVE ID to changelog

File:
1 edited

Legend:

Unmodified
Added
Removed
  • wiki/eggref/4/spiffy

    r32902 r32921  
    750750=== Changelog
    751751
    752 * 5.4: Fix critical security vulnerability (path traversal) by disallowing backslashes in request paths (thanks to Benedikt Rosenau for reporting the vulnerability).  Use {{spiffy}} in the gensym'ed name of spiffy's threads, for easier debugging.  Thanks to Evan Hanson.
     752* 5.4: Fix critical security vulnerability (path traversal, CVE-2015-8235) by disallowing backslashes in request paths (thanks to Benedikt Rosenau for reporting the vulnerability).  Use {{spiffy}} in the gensym'ed name of spiffy's threads, for easier debugging.  Thanks to Evan Hanson.
    753753* 5.3.2 Fix tests so they still function correctly when {{SPIFFY_TEST_PORT}} is overridden.  Thanks to Kon Lovett for pointing this out.
    754754* 5.3.1 Don't try to handle another request when the input or output ports are closed (thanks to Thomas Hintz.  This makes [[/egg/websockets|websocket]] support work properly!)
Note: See TracChangeset for help on using the changeset viewer.