From 626cb9aa9529e3c0b5d080d970660e3373f0fdf8 Mon Sep 17 00:00:00 2001 From: Parker Moore Date: Fri, 28 Mar 2014 02:30:59 -0400 Subject: [PATCH] Add 1.5.1 release post. --- .../2014-03-27-jekyll-1-5-1-released.markdown | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown diff --git a/site/_posts/2014-03-27-jekyll-1-5-1-released.markdown b/site/_posts/2014-03-27-jekyll-1-5-1-released.markdown new file mode 100644 index 00000000..1eae60fb --- /dev/null +++ b/site/_posts/2014-03-27-jekyll-1-5-1-released.markdown @@ -0,0 +1,26 @@ +--- +layout: news_item +title: 'Jekyll 1.5.1 Released' +date: 2014-03-27 22:43:48 -0400 +author: parkr +version: 1.5.1 +categories: [release] +--- + +The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our +`Jekyll.sanitized_path` code: + +{% highlight ruby %} +> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd") +=> "/tmp/foobar/jail/../../../etc/passwd" +{% endhighlight %} + +Well, we can't have that! In 1.5.1, you'll instead see: + +{% highlight ruby %} +> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd") +=> "/tmp/foobar/jail/etc/passwd" +{% endhighlight %} + +Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for +the masses. Thanks, Greg!
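Review bot: the post asserts which releases are affected ("Luckily not affecting 1.4.x" and "this fix will make 1.5.0 that much safer") but never links the commit that changed `Jekyll.sanitized_path` or the 1.5.1 history entry, so readers cannot verify the claim or see what the fix actually does to the `..c:/` segments; add a link to the fix right after "Well, we can't have that! In 1.5.1, you'll instead see:" and state the upgrade step for sites on 1.5.0 (e.g. `gem update jekyll`), since a release post that describes a path-escape bug without telling affected users how to move off the vulnerable version is incomplete. Minor: both `{% highlight ruby %}` blocks contain an interactive session (`>` prompt, `=>` result) rather than Ruby source, so the `ruby` lexer will colour the prompt lines oddly; a console lexer, if the site's highlighter provides one, would render them more cleanly.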