Rooba
/
tornado
mirror of https://github.com/tornadoweb/tornado.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
tornado/docs/releases/v4.2.1.rst

13 lines
325 B
ReStructuredText
Raw Blame History

What's new in Tornado 4.2.1
===========================
Jul 17, 2015
------------
Security fix
~~~~~~~~~~~~
* This release fixes a path traversal vulnerability in `.StaticFileHandler`,
in which files whose names *started with* the ``static_path`` directory
but were not actually *in* that directory could be accessed.
Reference in New Issue View Git Blame Copy Permalink