| title | date | author | version | category | 
|---|---|---|---|---|
| Jekyll 1.5.1 Released | 2014-03-27 22:43:48 -0400 | parkr | 1.5.1 | release | 
The hawk-eyed @gregose spotted a bug in our `Jekyll.sanitized_path` code:
{% highlight ruby %}
sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
# => "/tmp/foobar/jail/../../../etc/passwd"
{% endhighlight %}
Well, we can't have that! In 1.5.1, you'll instead see:
{% highlight ruby %}
sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
# => "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"
{% endhighlight %}
Luckily, this bug does not affect 1.4.x, and this fix will make 1.5.0 that much safer for the masses. Thanks, Greg!
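
The two results above can be reproduced and checked with a containment test. This is an added example, not Jekyll's own code: `naive_sanitized_path`, `inside?` and `contained_path` are hypothetical helpers, and the flawed variant is only an assumed stand-in that yields the same output as the pre-1.5.1 result quoted in this post. POSIX path semantics are assumed.

```ruby
# Added example, not Jekyll's code. Assumes POSIX path semantics.

# Hypothetical flawed sanitizer: removing "<letter>:" anywhere in the input
# rewrites "..c:/" to "../", reproducing the pre-1.5.1 result shown above.
def naive_sanitized_path(base, questionable)
  File.join(base, questionable.gsub(/\w:/, ""))
end

# True only if `path`, once "." and ".." are resolved, is `base` or below it.
# The trailing separator keeps "/jail-evil" from matching "/jail".
def inside?(base, path)
  base = File.expand_path(base)
  full = File.expand_path(path)
  full == base || full.start_with?(base + File::SEPARATOR)
end

# Hardened variant: resolve the input against "/" so ".." cannot climb past
# the root, re-anchor it under base, then verify containment before returning.
# The "./" prefix stops File.expand_path from treating a leading "~" as a
# home-directory reference.
def contained_path(base, questionable)
  base = File.expand_path(base)
  clean = File.expand_path("./" + questionable, "/")
  candidate = File.join(base, clean)
  raise ArgumentError, "path escapes #{base}" unless inside?(base, candidate)
  candidate
end

JAIL = "/tmp/foobar/jail"               # values taken from the post
INPUT = "..c:/..c:/..c:/etc/passwd"

if __FILE__ == $0
  bad = naive_sanitized_path(JAIL, INPUT)
  good = contained_path(JAIL, INPUT)
  puts "#{bad} inside jail? #{inside?(JAIL, bad)}"
  puts "#{good} inside jail? #{inside?(JAIL, good)}"
end
```

The check is lexical only: `File.expand_path` does not resolve symlinks, so a symlink inside the jail needs a `File.realpath` comparison on top of this.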