<!DOCTYPE HTML> <html lang="en-US"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="generator" content="Jekyll v3.8.3"> <link type="application/atom+xml" rel="alternate" href="https://jekyllrb.com/feed.xml" title="Jekyll • Simple, blog-aware, static sites"> <link rel="alternate" type="application/atom+xml" title="Recent commits to Jekyll’s master branch" href="https://github.com/jekyll/jekyll/commits/master.atom"> <link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic,900"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css"> <link rel="stylesheet" href="/css/screen.css"> <link rel="icon" type="image/x-icon" href="/favicon.ico"> <!-- Begin Jekyll SEO tag v2.4.0 --> <title>Jekyll 1.4.3 Released | Jekyll • Simple, blog-aware, static sites</title> <meta name="generator" content="Jekyll v3.8.3"> <meta property="og:title" content="Jekyll 1.4.3 Released"> <meta name="author" content="benbalter"> <meta property="og:locale" content="en_US"> <meta name="description" content="Jekyll 1.4.3 contains two critical security fixes. If you run Jekyll locally and do not run Jekyll in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. (See pull request.)"> <meta property="og:description" content="Jekyll 1.4.3 contains two critical security fixes. If you run Jekyll locally and do not run Jekyll in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. 
(See pull request.)"> <link rel="canonical" href="https://jekyllrb.com/news/2014/01/13/jekyll-1-4-3-released/"> <meta property="og:url" content="https://jekyllrb.com/news/2014/01/13/jekyll-1-4-3-released/"> <meta property="og:site_name" content="Jekyll • Simple, blog-aware, static sites"> <meta property="og:image" content="https://jekyllrb.com/img/twitter-card.png"> <meta property="og:type" content="article"> <meta property="article:published_time" content="2014-01-13T17:43:32-08:00"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@jekyllrb"> <meta name="twitter:creator" content="@benbalter"> <meta name="google-site-verification" content="onQcXpAvtHBrUI5LlroHNE_FP0b2qvFyPq7VZw36iEY"> <script type="application/ld+json"> {"description":"Jekyll 1.4.3 contains two critical security fixes. If you run Jekyll locally and do not run Jekyll in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. 
(See pull request.)","author":{"@type":"Person","name":"benbalter"},"@type":"BlogPosting","url":"https://jekyllrb.com/news/2014/01/13/jekyll-1-4-3-released/","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://jekyllrb.com/img/logo-2x.png"},"name":"benbalter"},"image":"https://jekyllrb.com/img/twitter-card.png","headline":"Jekyll 1.4.3 Released","dateModified":"2014-01-13T17:43:32-08:00","datePublished":"2014-01-13T17:43:32-08:00","mainEntityOfPage":{"@type":"WebPage","@id":"https://jekyllrb.com/news/2014/01/13/jekyll-1-4-3-released/"},"@context":"http://schema.org"}</script> <!-- End Jekyll SEO tag --> <!--[if lt IE 9]> <script src="/js/html5shiv.min.js"></script> <script src="/js/respond.min.js"></script> <![endif]--> </head> <body class="wrap"> <header> <div class="flexbox"> <div class="center-on-mobiles"> <h1> <a href="/" class="logo"> <span class="sr-only">Jekyll</span> <img src="/img/logo-2x.png" width="140" height="65" alt="Jekyll Logo"> </a> </h1> </div> <nav class="main-nav hide-on-mobiles"> <ul> <li class=""> <a href="/">Home</a> </li> <li class=""> <a href="/docs/home/">Docs</a> </li> <li class="current"> <a href="/news/">News</a> </li> <li class=""> <a href="/help/">Help</a> </li> </ul> </nav> <div class="search hide-on-mobiles"> <input type="text" id="docsearch-input" placeholder="Search the docs…"> </div> <div class="meta hide-on-mobiles"> <ul> <li> <a href="https://github.com/jekyll/jekyll/releases/tag/v3.8.3">v3.8.3</a> </li> <li> <a href="https://github.com/jekyll/jekyll">GitHub</a> </li> </ul> </div> </div> <nav class="mobile-nav show-on-mobiles"> <ul> <li class=""> <a href="/">Home</a> </li> <li class=""> <a href="/docs/home/">Docs</a> </li> <li class="current"> <a href="/news/">News</a> </li> <li class=""> <a href="/help/">Help</a> </li> <li> <a href="https://github.com/jekyll/jekyll">GitHub</a> </li> </ul> </nav> </header> <section class="news"> <div class="grid"> <div class="docs-nav-mobile unit whole 
show-on-mobiles"> </div> <div class="unit four-fifths"> <article> <h2> Jekyll 1.4.3 Released <a href="/news/2014/01/13/jekyll-1-4-3-released/" class="header-link" title="Permalink"> <span class="sr-only">Permalink</span> <i class="fa fa-link"></i> </a> </h2> <span class="post-category"> <span class="label"> release </span> </span> <div class="post-meta"> <span class="post-date"> 13 Jan 2014 </span> <a href="https://github.com/benbalter" class="post-author"> <img class="avatar avatar-small" alt="benbalter" width="24" height="24" data-proofer-ignore="true" src="https://avatars0.githubusercontent.com/benbalter?v=3&s=24" srcset="https://avatars0.githubusercontent.com/benbalter?v=3&s=24 1x, https://avatars0.githubusercontent.com/benbalter?v=3&s=48 2x, https://avatars0.githubusercontent.com/benbalter?v=3&s=72 3x, https://avatars0.githubusercontent.com/benbalter?v=3&s=96 4x"> benbalter </a> </div> <div class="post-content"> <p>Jekyll 1.4.3 contains two <strong>critical</strong> security fixes. 
If you run Jekyll locally and do not run it in “safe” mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. If you do build sites on behalf of others, you are affected and should update. (<a href="https://github.com/jekyll/jekyll/pull/1944">See pull request.</a>)</p> <p>Jekyll versions later than 1.2.0 and earlier than 1.4.3 may allow malicious users to expose the content of files outside the source directory in the generated output, because symlinks are not properly sanitized; this can result in inadvertent information disclosure.</p> <p>Jekyll versions earlier than 1.4.3 may also allow malicious users to write arbitrary <code class="highlighter-rouge">.html</code> files outside of the destination folder via relative path traversal. Depending on your server’s configuration, this could overwrite otherwise-trusted content with arbitrary HTML or JavaScript.</p> <p><em>Maintainer’s note: Many thanks to <a href="https://github.com/gregose" class="user-mention">@gregose</a> and <a href="https://github.com/charliesome" class="user-mention">@charliesome</a> for discovering these vulnerabilities, and to <a href="https://github.com/BenBalter" class="user-mention">@BenBalter</a> and <a href="https://github.com/alindeman" class="user-mention">@alindeman</a> for writing the patch.</em></p> </div> </article> </div> <div class="unit one-fifth hide-on-mobiles"> <aside> <ul> <li class=""> <a href="/news/">All News</a> </li> <li class=""> <a href="/news/releases/">Jekyll Releases</a> </li> </ul> <h4>Recent Releases</h4> <ul> <li class=""> <a href="/news/2018/06/05/jekyll-3-8-3-released/">Version 3.8.3</a> </li> <li class=""> <a href="/news/2018/05/19/jekyll-3-8-2-released/">Version 3.8.2</a> </li> <li class=""> <a href="/news/2018/05/01/jekyll-3-8-1-released/">Version 3.8.1</a> </li> <li class=""> <a href="/news/2018/02/24/jekyll-3-7-3-released/">Version 3.7.3</a> </li> <li class=""> <a href="/news/2018/01/25/jekyll-3-7-2-released/">Version 3.7.2</a> </li> <li> <a 
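href="/docs/history/">History »</a> </li> </ul>
<h4>Other News</h4>
<ul>
  <li class=""> <a href="/news/2018/02/19/meet-jekyll-s-new-lead-developer/">Meet Jekyll's New Lead Developer</a> </li>
  <li class=""> <a href="/news/2017/10/19/diversity-open-source/">Diversity in Open Source, and Jekyll's role in it</a> </li>
  <li class=""> <a href="/news/2016/08/24/jekyll-admin-initial-release/">Jekyll Admin Initial Release</a> </li>
  <li class=""> <a href="/news/2016/06/03/update-on-jekyll-s-google-summer-of-code-projects/">Jekyll's Google Summer of Code Project: The CMS You Always Wanted</a> </li>
  <li class=""> <a href="/news/2016/03/10/making-it-easier-to-contribute-to-jekyll/">Making it easier to contribute to Jekyll</a> </li>
  <li class=""> <a href="/news/2015/02/26/introducing-jekyll-talk/">Join the Discussion at Jekyll Talk</a> </li>
  <li class=""> <a href="/news/2015/01/20/jekyll-meet-and-greet/">Jekyll Meet & Greet at GitHub HQ</a> </li>
  <li class=""> <a href="/news/2014/12/17/alfredxing-welcome-to-jekyll-core/">Alfred Xing has joined the Jekyll core team</a> </li>
  <li class=""> <a href="/news/2014/06/04/jekyll-stickers-1-dollar-stickermule/">Pick Up your $1 Jekyll Sticker</a> </li>
</ul>
</aside> </div> <div class="clear"></div> </div> </section>
<footer>
  <div class="grid">
    <div class="unit one-third center-on-mobiles">
      <p>The contents of this website are <br>© 2018 under the terms of the <a href="https://github.com/jekyll/jekyll/blob/master/LICENSE">MIT License</a>.</p>
    </div>
    <div class="unit two-thirds align-right center-on-mobiles">
      <p> Proudly hosted by <a href="https://github.com"> <img src="/img/footer-logo.png" width="100" height="30" alt="GitHub • Social coding"> </a> </p>
    </div>
  </div>
</footer>
<!-- Permalink anchors: once the document is complete, every heading that has an id gets a "#id" link appended. -->
<script>
  // Builds the permalink <a> for a heading id; returns the detached element.
  var anchorForId = function (id) {
    var anchor = document.createElement("a");
    anchor.className = "header-link";
    // The id is only assigned through the href property; it never reaches innerHTML.
    anchor.href = "#" + id;
    // Fixed markup literal, no page or user data is interpolated here.
    anchor.innerHTML = "<span class=\"sr-only\">Permalink</span><i class=\"fa fa-link\"></i>";
    anchor.title = "Permalink";
    return anchor;
  };

  // Appends a permalink anchor to every <h{level}> inside containingElement that has a non-empty id.
  var linkifyAnchors = function (level, containingElement) {
    var headers = containingElement.getElementsByTagName("h" + level);
    for (var h = 0; h < headers.length; h++) {
      var header = headers[h];
      if (typeof header.id !== "undefined" && header.id !== "") {
        header.appendChild(anchorForId(header.id));
      }
    }
  };

  // Runs once readyState reaches "complete"; uses the first "docs" container, else the first "news" one.
  document.onreadystatechange = function () {
    if (this.readyState === "complete") {
      var contentBlock = document.getElementsByClassName("docs")[0] || document.getElementsByClassName("news")[0];
      if (!contentBlock) {
        return;
      }
      for (var level = 1; level <= 6; level++) {
        linkifyAnchors(level, contentBlock);
      }
    }
  };
</script>
<!-- Google Analytics (https://www.google.com/analytics) -->
<script>
  !function(j,e,k,y,l,L){j.GoogleAnalyticsObject=y,j[y]||(j[y]=function(){
  (j[y].q=j[y].q||[]).push(arguments)}),j[y].l=+new Date,l=e.createElement(k),
  L=e.getElementsByTagName(k)[0],l.src='https://www.google-analytics.com/analytics.js',
  L.parentNode.insertBefore(l,L)}(window,document,'script','ga');
  ga('create', 'UA-50755011-1', 'jekyllrb.com');
  ga('send', 'pageview');
</script>
<!-- NOTE(review): this script comes from a third-party CDN with a floating "@2" version range and no integrity attribute. Pin an exact version and add SRI (integrity plus crossorigin) so that a changed CDN file cannot execute on this origin. -->
<script src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js"></script>
<script>
  docsearch({
    // NOTE(review): this key is delivered to every visitor; presumably a search-only key, confirm it carries no write or admin rights.
    apiKey: '50fe39c839958dfad797000f33e2ec17',
    indexName: 'jekyllrb',
    inputSelector: '#docsearch-input',
    enhancedSearchInput: true,
    /* Set debug to true if you want to inspect the dropdown. Block comment on purpose: on a whitespace-collapsed page a trailing line comment here would comment out the closing "});". */
    debug: false
  });
</script>
</body> </html>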