---
layout: news_item
title: Jekyll 1.5.1 Released
date: 2014-03-27 22:43:48 -0400
author: parkr
version: 1.5.1
categories: [release]
---

The hawk-eyed @gregose spotted a bug in our `Jekyll.sanitized_path` code:

{% highlight ruby %}
sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
# => "/tmp/foobar/jail/../../../etc/passwd"
{% endhighlight %}

Well, we can't have that! In 1.5.1, you'll instead see:

{% highlight ruby %}
sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
# => "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"
{% endhighlight %}

Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for the masses. Thanks, Greg!
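
The following is an added example, not Jekyll's source: it shows one way a sanitizer can produce the first output above (stripping a drive-letter pattern anywhere in the string, which is an assumption about the cause) next to an anchored variant, with a containment check that works as a regression test. All method names are hypothetical, and a POSIX host is assumed.

```ruby
# Added illustration, not Jekyll's source. All method names are hypothetical.
# Assumes a POSIX host, where "..c:" is an ordinary directory name.

DRIVE = /\w:\//  # drive-letter prefix such as "c:/"

# Weak form: strips the drive pattern anywhere in the string, so "..c:/"
# collapses to "../" and the joined result is never re-checked.
def naive_sanitized_path(base, questionable)
  File.join(base, questionable.gsub(DRIVE, "/"))
end

# Hardened form: resolve "." and ".." against the root first, then strip a
# drive prefix only at the very start (what expand_path yields on Windows).
def anchored_sanitized_path(base, questionable)
  clean = File.expand_path(questionable, "/").sub(/\A#{DRIVE}/, "/")
  File.join(base, clean)
end

# Independent containment check: does the fully resolved path stay in base?
def inside?(base, path)
  root = File.expand_path(base)
  resolved = File.expand_path(path)
  resolved == root || resolved.start_with?(root + File::SEPARATOR)
end

# Regression helper: returns the inputs whose sanitized form leaves base.
def escaping_inputs(base, inputs, sanitizer)
  inputs.reject { |input| inside?(base, send(sanitizer, base, input)) }
end

JAIL = "/tmp/foobar/jail"
# Constructed inputs: the one from the post plus two ordinary paths.
INPUTS = ["..c:/..c:/..c:/etc/passwd", "_posts/a.md", "/css/../index.html"]

if __FILE__ == $PROGRAM_NAME
  p escaping_inputs(JAIL, INPUTS, :naive_sanitized_path)
  p escaping_inputs(JAIL, INPUTS, :anchored_sanitized_path)
end
```

Running `escaping_inputs` over a list of known-bad inputs in a test suite catches a regression in the sanitizer without depending on how the sanitizer itself is written.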