Add 1.4.3 release post by @BenBalter for master branch.

site/_posts/2014-01-13-jekyll-1-4-3-released.markdown

@@ -0,0 +1,26 @@
+---
+layout: news_item
+title: 'Jekyll 1.4.3 Released'
+date: 2014-01-13 17:43:32 -0800
+author: benbalter
+version: 1.4.3
+categories: [release]
+---
+
+Jekyll 1.4.3 contains two **critical** security fixes. If you run Jekyll locally
+and do not run Jekyll in "safe" mode (e.g. you do not build Jekyll sites on behalf
+of others), you are not affected and are not required to update at this time.
+([See pull request.]({{ site.repository }}/pull/1944))
+
+Versions of Jekyll prior to 1.4.3 and greater than 1.2.0 may allow malicious
+users to expose the content of files outside the source directory in the
+generated output via improper symlink sanitization, potentially resulting in an
+inadvertent information disclosure.
+
+Versions of Jekyll prior to 1.4.3 may also allow malicious users to write
+arbitrary `.html` files outside of the destination folder via relative path
+traversal, potentially overwriting otherwise-trusted content with arbitrary HTML
+or Javascript depending on your server's configuration.
+
+*Maintainer's note: Many thanks to @gregose and @charliesome for discovering
+these vulnerabilities, and to @BenBalter and @alindeman for writing the patch.*