berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Update CHANGES.md

This commit is contained in:
Rob Ede 2021-03-09 19:52:57 +00:00 committed by GitHub
parent fb278de4b4
commit 497bcbaf8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
actix-files/CHANGES.md
View File

@ -1,10 +1,11 @@
# Changes
## Unreleased - 2021-xx-xx
* Prevent directory traversal attack by checking if the request path is a
descendant of the `serve_from` directory. E.g., if the files are served from
`./test/`, and someone requests `..%5c/some-secret-file`, they will get a
Forbidden response.
* Prevent directory traversal attack by checking if the request path is a descendant of the
`serve_from` directory. E.g. If the files are served from `./test/`, and someone requests
`..%5c/some-secret-file`, they will get a 403 Forbidden response. [#2059]
[#2059]: https://github.com/actix/actix-web/pull/2059
## 0.6.0-beta.2 - 2021-02-10