dan
/
jekyll
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Write blog posts for humans 

* Polish blog-post language for a less-technical crowd
* Emphasize that it's not a core issue
* Emphasize that it doesn't affect sites without plugins
* Break into paragraphs for easier skimability
* Explain that it affects users with access to templates, not just plugin authors
This commit is contained in:
Ben Balter 2013-07-25 09:33:45 -04:00
parent 0db5dcf832
commit a1afe8918d
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
site/_posts/2013-07-25-jekyll-1-0-4-released.markdown
View File

@ -7,11 +7,11 @@ version: 1.0.4
categories: [release]
---
This version contains a [very important security patch][230] for `Liquid::Drop` plugins
which granted access to all non-`Drop` entities within a `Drop`, which may include your
Rack configuration settings and many more pieces of private information which could be
used to exploit your system. We recommend you upgrade to v1.0.4 as quickly as possible if
you use `Liquid::Drop` plugins in your site.
Version 1.0.4 fixes a minor, but none-the-less important security vulnerablity affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you are may, but are not required to upgrade at this time.
Community and custom plugins extending the `Liquid::Drop` class may inadvertantly disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.
We recommend you upgrade to Jekyll v1.0.4 immediately if you use `Liquid::Drop` plugins on your Jekyll site.
Many thanks for [Ben Balter](http://github.com/benbalter) for alerting us to the problem
and [submitting a patch][1349] so quickly.

10
site/_posts/2013-07-25-jekyll-1-1-2-released.markdown
View File

@ -7,11 +7,11 @@ version: 1.1.2
categories: [release]
---
This version contains a [very important security patch][230] for `Liquid::Drop` plugins
which granted access to all non-`Drop` entities within a `Drop`, which may include your
Rack configuration settings and many more pieces of private information which could be
used to exploit your system. We recommend you upgrade to v1.1.2 as quickly as possible if
you use `Liquid::Drop` plugins in your site.
Version 1.1.2 fixes a minor, but none-the-less important security vulnerablity affecting several third-party Jekyll plugins. If your Jekyll site does not use plugins, you are may, but are not required to upgrade at this time.
Community and custom plugins extending the `Liquid::Drop` class may inadvertantly disclose some system information such as directory structure or software configuration to users with access to the Liquid templating system.
We recommend you upgrade to Jekyll v1.1.2 immediately if you use `Liquid::Drop` plugins on your Jekyll site.
Many thanks for [Ben Balter](http://github.com/benbalter) for alerting us to the problem
and [submitting a patch][1349] so quickly.