Germinal v0.2.0 update

solderpunk solderpunk at SDF.ORG
Sun Jun 14 10:46:30 BST 2020

Previous message (by thread): Germinal v0.2.0 update
Next message (by thread): Germinal v0.2.0 update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 13, 2020 at 10:06:39PM -0400, Jason McBrayer wrote:

> The most important of these bug fixes is a fix to a path-traversal bug,
> that could have allowed carefully constructed requests to read
> world-readable files from outside your Germinal document root. (There
> was code to catch path traversals before, but it was wrong, and only
> caught simple cases).

Path-traversal bugs are scary!  Is it worth sharing the details of this
so that other server authors can check for analogous bugs in their
servers?  Or was it highly specific to your programming language or
server design? 

Cheers,
Solderpunk

Previous message (by thread): Germinal v0.2.0 update
Next message (by thread): Germinal v0.2.0 update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list