Documented security fix in changelog

2010-12-23 14:18:14 +01:00 · 2010-12-23 14:18:14 +01:00 · b92120b190
commit b92120b190
parent ed70b42798
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -40,6 +40,9 @@ Bugfix release, release date to be announced.
  module setups.
 - Fixed an issue where the subdomain setting for modules was
  ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.

 Version 0.6
 -----------