Update.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1528 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-06-19 05:28:10 +0000
committer: knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-06-19 05:28:10 +0000
commit: 4cfb967e1b481def21b137b7e025227cd7989709 (patch)
tree: c2438b82ce709cf48750113b972c0b1f0bf934b1 /doc
parent: 9be426a0ec6ec98b61a7d99f2d77d5fdf79a3837 (diff)
1 files changed, 15 insertions, 2 deletions
diff --git a/doc/NEWS b/doc/NEWS
index f5f7174abb..e9d88b2901 100644
--- a/doc/NEWS
+++ b/doc/NEWS
@@ -1,5 +1,18 @@
 Summary of the changes since 1.6.4:
 
+: require
+
+  Changed to search directories for ".rb" and ".so" at the same time,
+  instead of search directories for ".rb" then for ".so".  The
+  previous behavior had a security risk. [ruby-bugs (PR#140)]
+
+  Which means, now:
+
+    require "socket"
+
+  will find the standard socket.so prior to a socket.rb in the current
+  directory.
+
 : lib/sync.rb
 : lib/mutex_m.rb
 
@@ -7,8 +20,8 @@ Summary of the changes since 1.6.4:
 
 : $SAFE / load
 
-  Fixed a bug that a file with a tainted filename can be loaded even
-  under $SAFE == 1 when the second argument is true.  [ruby-dev:13481]
+  Fixed a bug that a file with a tainted filename can be loaded when
+  1 <= $SAFE <= 3 and the second argument is true.  [ruby-dev:13481]
 
     $SAFE = 1
     filename = "foo"
author	knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-06-19 05:28:10 +0000
committer	knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-06-19 05:28:10 +0000
commit	4cfb967e1b481def21b137b7e025227cd7989709 (patch)
tree	c2438b82ce709cf48750113b972c0b1f0bf934b1 /doc
parent	9be426a0ec6ec98b61a7d99f2d77d5fdf79a3837 (diff)