Sha256: 1bd0699fe2090e53c7b98e775736ebdba544f01ea849f7f50a7badceef2db524

Size: 707 Bytes

Versions: 15

Stored size: 707 Bytes

Contents

---
layout: news_item
title: 'Jekyll 1.5.1 Released'
date: 2014-03-27 22:43:48 -0400
author: parkr
version: 1.5.1
categories: [release]
---

The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our
`Jekyll.sanitized_path` code:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/../../../etc/passwd"
{% endhighlight %}

Well, we can't have that! In 1.5.1, you'll instead see:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"
{% endhighlight %}

Luckily, 1.4.x is not affected. This fix will make 1.5.0 that much safer for
the masses. Thanks, Greg!
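
The two outputs above are consistent with a Windows drive-letter strip that was applied anywhere in the path and is now anchored to its start. That mechanism is an assumption, not something this post states. The Ruby below is an added example, not Jekyll's source: the function names are hypothetical, it assumes POSIX path handling, and it adds an independent containment check that can be run over any sanitizer's output.

```ruby
# Added illustration; not Jekyll's source. Function names are hypothetical.

# Assumed flaw: the drive-letter strip is unanchored, so it also rewrites
# segments in the middle of the path after ".." resolution has already run.
def sanitize_unanchored(base, questionable)
  clean = File.expand_path(questionable, "/")  # "..c:" is an ordinary name here
  clean = clean.gsub(/\w:\//, "/")             # "..c:/" becomes "../"
  clean.start_with?(base) ? clean : File.join(base, clean)
end

# Same steps, with the drive letter removed only at the very start of the path.
def sanitize_anchored(base, questionable)
  clean = File.expand_path(questionable, "/")
  clean = clean.sub(/\A\w:\//, "/")
  clean.start_with?(base) ? clean : File.join(base, clean)
end

# Independent check: resolve the result and confirm it is still under base.
# Comparing against base plus a separator avoids accepting "/tmp/foobar/jail2".
def inside_jail?(base, path)
  root = File.expand_path(base)
  resolved = File.expand_path(path)
  resolved == root || resolved.start_with?(root + File::SEPARATOR)
end

JAIL  = "/tmp/foobar/jail"
INPUT = "..c:/..c:/..c:/etc/passwd"  # the input quoted in the post

if __FILE__ == $PROGRAM_NAME
  [:sanitize_unanchored, :sanitize_anchored].each do |fn|
    out = send(fn, JAIL, INPUT)
    puts format("%-20s %-45s inside_jail=%s", fn, out, inside_jail?(JAIL, out))
  end
end
```

A regression test for a path sanitizer should assert on `inside_jail?` of the result rather than on the exact string, so that a later rewrite of the cleaning steps cannot reintroduce an escape unnoticed.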

Version data entries

15 entries across 15 versions & 2 rubygems

Version Path
jekyll-docs-3.1.6 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.5 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.4 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.3 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.2 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.0.3 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.2.0 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.1.1 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.1.0 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.3 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.2 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.1 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0.rc1 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0.alpha.3 site/_posts/2014-03-27-jekyll-1-5-1-released.markdown