Contents

---
layout: news_item
title: 'Jekyll 1.5.1 Released'
date: 2014-03-27 22:43:48 -0400
author: parkr
version: 1.5.1
categories: [release]
---

The hawk-eyed [@gregose](https://github.com/gregose) spotted a bug in our
`Jekyll.sanitized_path` code:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/../../../etc/passwd"
{% endhighlight %}

Well, we can't have that! In 1.5.1, you'll instead see:

{% highlight ruby %}
> sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd")
=> "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd"
{% endhighlight %}

Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for
the masses. Thanks, Greg!

Version data entries

15 entries across 15 versions & 2 rubygems

Version	Path
jekyll-docs-3.1.6	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.5	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.4	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.3	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.1.2	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-docs-3.0.3	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.2.0	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.1.1	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.1.0	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.3	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.2	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.1	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0.rc1	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown
jekyll-2.0.0.alpha.3	site/_posts/2014-03-27-jekyll-1-5-1-released.markdown