From 76efd3551c856a6b359282ae5e02b18295d6cf97 Mon Sep 17 00:00:00 2001 From: shyouhei Date: Mon, 3 Mar 2008 14:37:52 +0000 Subject: merge revision(s) 15677: * lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026]. * lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@15680 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 00801428da..fe45d43d24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +Mon Mar 3 23:36:41 2008 GOTOU Yuuzou + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + separators in path_info to prevent directory traversal attacks + on DOSISH platforms. + reported by Digital Security Research Group [DSECRG-08-026]. + + * lib/webrick/httpservlet/filehandler.rb: pathnames which have + not to be published should be checked case-insensitively. + Sun Sep 23 21:57:25 2007 GOTOU Yuuzou * lib/net/http.rb: an SSL verification (the server hostname should -- cgit v1.2.3
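Review bot: The new ChangeLog entry for Mon Mar 3 2008 describes both filehandler.rb changes as intent ("should normalize path separators", "should be checked case-insensitively") and names only the file, so a reader cannot tell which methods were touched or whether a regression test came with the fix. Suggest naming the changed methods in parentheses after the file path, as other ChangeLog entries conventionally do, and listing any test file added for backslash-separated path_info and for mixed-case names of non-published files. The second item also carries no advisory reference; if it belongs to DSECRG-08-026 as well, say so, otherwise state which platforms the case-insensitive check applies to, since the first item is explicitly scoped to DOSISH platforms and the second is not.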