Commits

Anonymous committed eefa942

ANN: CherryPy-2.1.1

Comments (0)

Files changed (1)

 
 <!--first news highlighted-->
 <div class="highlighted">
+<b>2006-01-10 CherryPy-2.1.1 released. Fixes serious security flaw in 2.1.0.</b><br/>
+We just fixed a serious security flaw in staticfilter. Basically, if you used staticfilter anyone could read any file on your system by requesting URLs with ".." in them. The fix is in SVN and we backported it to the 2.1.0 release. If you're running
+2.1.0 we recommend that you upgrade to 2.1.1 ASAP. Download links are on the <a href="/wiki/CherryPyDownload">download page</a>.<br />
+</div>
+<br />
 <b>2006-01-06 New CMS based on CherryPy: Skeletonz</b><br/>
 There is a new CMS based on CherryPy. It also uses Cheetah, SQLObject and some Ajax. Here is the <a href="http://www.daimi.au.dk/~amix/skeletonz/">link</a>.
-</div>
 <br />
 <b>2005-12-19 Logs from IRC channel now available</b><br />
 You can check the logs of what's happening on the IRC channel at <a href = "http://www.defuze.org/oss/cpirc/index.html">http://www.defuze.org/oss/cpirc/index.html</a>.