diff options
| author | Sven-Hendrik Haase <svenstaro@gmail.com> | 2022-05-18 04:45:37 +0000 |
|---|---|---|
| committer | Sven-Hendrik Haase <svenstaro@gmail.com> | 2022-05-18 04:45:37 +0000 |
| commit | 46c64a983927aaa7e7a752bc0643e8c9c43e23ec (patch) | |
| tree | 02519193e2ab5e52ef24fbb530e08c188b502b66 /CHANGELOG.md | |
| parent | Run clippy only on nightly (diff) | |
| download | miniserve-46c64a983927aaa7e7a752bc0643e8c9c43e23ec.tar.gz miniserve-46c64a983927aaa7e7a752bc0643e8c9c43e23ec.zip | |
Fix security issue with --no-symlinks
Even with --no-symlinks specified, if a direct path to a symlink had been entered, it would be resolved.
This fixes that behavior and improves tests to ensure this behavior.
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 76928b6..7658b3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). <!-- next-header --> ## [Unreleased] - ReleaseDate +- Fix security issue where `--no-symlinks` would only hide symlinks from listing but it would + still be possible to follow them if the path was known ## [0.19.4] - 2022-04-02 - Fix random route leaking on error pages [#764](https://github.com/svenstaro/miniserve/pull/764) (thanks @steffhip) |