Sha256: cb98641dd90fc5aa43f7aac2ec1cd2f6b328e087df9e0688a875a2208dee52f7
Contents?: true
Size: 1.13 KB
Versions: 17
Compression:
Stored size: 1.13 KB
Contents
---
layout: news_item
title: 'Jekyll 1.4.3 Released'
date: 2014-01-13 17:43:32 -0800
author: benbalter
version: 1.4.3
categories: [release]
---

Jekyll 1.4.3 contains two **critical** security fixes. If you run Jekyll locally and do not run Jekyll in "safe" mode (e.g. you do not build Jekyll sites on behalf of others), you are not affected and are not required to update at this time. ([See pull request.]({{ site.repository }}/pull/1944))

Versions of Jekyll prior to 1.4.3 and greater than 1.2.0 may allow malicious users to expose the content of files outside the source directory in the generated output via improper symlink sanitization, potentially resulting in an inadvertent information disclosure.

Versions of Jekyll prior to 1.4.3 may also allow malicious users to write arbitrary `.html` files outside of the destination folder via relative path traversal, potentially overwriting otherwise-trusted content with arbitrary HTML or JavaScript depending on your server's configuration.

*Maintainer's note: Many thanks to @gregose and @charliesome for discovering these vulnerabilities, and to @BenBalter and @alindeman for writing the patch.*
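The two containment checks these issues call for, as an added Ruby example. It is not the code from the Jekyll patch: the helper names (`inside?`, `safe_source?`, `safe_dest_path`) are hypothetical and the directory tree is constructed in a temporary folder.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not Jekyll's API): true when `path` is `root` itself or
# lies beneath it. Both arguments must already be absolute and normalized.
def inside?(root, path)
  path == root || path.start_with?(root + File::SEPARATOR)
end

# Source side: File.realpath follows every symlink, so a link that points
# outside the source directory resolves to a path that fails the check.
def safe_source?(source_dir, file)
  inside?(File.realpath(source_dir), File.realpath(file))
rescue Errno::ENOENT
  false # dangling link or missing file: refuse to read it
end

# Destination side: File.expand_path collapses "../" segments, so a relative
# path that climbs out of the destination raises instead of being written.
def safe_dest_path(dest_dir, relative)
  root = File.expand_path(dest_dir)
  full = File.expand_path(relative.sub(%r{\A/+}, ""), root)
  raise ArgumentError, "escapes destination: #{relative}" unless inside?(root, full)
  full
end

# Constructed sandbox: a source tree holding one real page and one symlink
# to a file that lives outside it.
def demo
  Dir.mktmpdir do |tmp|
    src = File.join(tmp, "site")
    FileUtils.mkdir_p(src)
    File.write(File.join(src, "index.md"), "hello")
    File.write(File.join(tmp, "outside.txt"), "not part of the site")
    File.symlink(File.join(tmp, "outside.txt"), File.join(src, "link.md"))
    escaped = begin
      safe_dest_path(File.join(tmp, "_site"), "../../page.html")
      false
    rescue ArgumentError
      true
    end
    { page: safe_source?(src, File.join(src, "index.md")),
      link: safe_source?(src, File.join(src, "link.md")),
      kept: safe_dest_path("/srv/_site", "blog/post.html"),
      escaped: escaped }
  end
end
```

The destination check is purely lexical; if the destination tree may itself contain symlinks, resolve the parent directory with `File.realpath` before writing.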
Version data entries
17 entries across 17 versions & 2 rubygems