diff options
| -rw-r--r-- | ChangeLog | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -1,3 +1,28 @@ +Sun Jun 15 22:54:39 2008 GOTOU Yuuzou <gotoyuzo@notwork.org> + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + name in path_info to prevent script disclosure vulnerability on + DOSISH filesystems. (fix: CVE-2008-1891) + Note: NTFS/FAT filesystem should not be published by the platforms + other than Windows. Pathname interpretation (including short + filename) is less than perfect. + + * lib/webrick/httpservlet/abstract.rb + (WEBrick::HTTPServlet::AbstracServlet#redirect_to_directory_uri): + should escape the value of Location: header. + + * lib/webrick/httpservlet/cgi_runner.rb: accept interpreter + command line arguments. + +Sun Jun 15 22:54:39 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * file.c (file_expand_path): support for alternative data stream + and ignored trailing garbages of NTFS. + + * file.c (rb_file_s_basename): ditto. + + * file.c (rb_file_s_extname): ditto. + Sun Jun 15 22:52:24 2008 Yukihiro Matsumoto <matz@ruby-lang.org> * string.c (rb_str_cat): fixed buffer overrun reported by |