From 46c64a983927aaa7e7a752bc0643e8c9c43e23ec Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase <svenstaro@gmail.com>
Date: Wed, 18 May 2022 06:45:37 +0200
Subject: Fix security issue with --no-symlinks

Even with --no-symlinks specified, if a direct path to a symlink had been entered, it would be resolved.
This fixes that behavior and improves tests to ensure this behavior.
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 76928b6..7658b3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 <!-- next-header -->
 
 ## [Unreleased] - ReleaseDate
+- Fix security issue where `--no-symlinks` would only hide symlinks from listing but it would
+  still be possible to follow them if the path was known
 
 ## [0.19.4] - 2022-04-02
 - Fix random route leaking on error pages [#764](https://github.com/svenstaro/miniserve/pull/764) (thanks @steffhip)
-- 
cgit v1.2.3