author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-03-03 14:37:52 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-03-03 14:37:52 +0000 |
commit | 76efd3551c856a6b359282ae5e02b18295d6cf97 (patch) | |
tree | 3c18da8f760e1018212fbb8687cf45883280c78f /ChangeLog | |
parent | e7daebf21af1fa6002f86527b0e8d6a0f9dcd67c (diff) |
merge revision(s) 15677:
* lib/webrick/httpservlet/filehandler.rb: should normalize path
separators in path_info to prevent directory traversal attacks
on DOSISH platforms.
reported by Digital Security Research Group [DSECRG-08-026].
* lib/webrick/httpservlet/filehandler.rb: pathnames which have
not to be published should be checked case-insensitively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +Mon Mar 3 23:36:41 2008 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + separators in path_info to prevent directory traversal attacks + on DOSISH platforms. + reported by Digital Security Research Group [DSECRG-08-026]. + + * lib/webrick/httpservlet/filehandler.rb: pathnames which have + not to be published should be checked case-insensitively. + Sun Sep 23 21:57:25 2007 GOTOU Yuuzou <gotoyuzo@notwork.org> * lib/net/http.rb: an SSL verification (the server hostname should |
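Review bot: The second added ChangeLog item, "pathnames which have not to be published should be checked case-insensitively", leaves its scope unstated. The first item names DOSISH platforms and credits the report [DSECRG-08-026], but this one says neither which platforms the case-insensitive check applies to nor whether it belongs to the same report. Suggest rewording to "pathnames which must not be published" and naming the platforms or filesystems concerned, so that someone auditing the fix from the ChangeLog alone can tell what each of the two filehandler.rb changes covers. The first item would likewise be easier to verify if it stated which separator is normalized in path_info.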