unch-cms/public/assets/vendor/jekyll/site/_posts/2014-03-27-jekyll-1-5-1-released.markdown

---
layout: news_item
title: 'Jekyll 1.5.1 Released'
date: 2014-03-27 22:43:48 -0400
author: parkr
version: 1.5.1
categories: [release]
---

The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our
`Jekyll.sanitized_path` code:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/../../../etc/passwd"
{% endhighlight %}

Well, we can't have that! In 1.5.1, you'll instead see:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"
{% endhighlight %}

Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for
the masses. Thanks, Greg!
First Deploy 2022-09-02 11:25:50 +07:00			`---`
			`layout: news_item`
			`title: 'Jekyll 1.5.1 Released'`
			`date: 2014-03-27 22:43:48 -0400`
			`author: parkr`
			`version: 1.5.1`
			`categories: [release]`
			`---`

			`The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our`
			`Jekyll.sanitized_path` code:

			`{% highlight ruby %}`
			`> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")`
			`=> "/tmp/foobar/jail/../../../etc/passwd"`
			`{% endhighlight %}`

			`Well, we can't have that! In 1.5.1, you'll instead see:`

			`{% highlight ruby %}`
			`> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")`
			`=> "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"`
			`{% endhighlight %}`

			`Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for`
			`the masses. Thanks, Greg!`