Michael Lazar lazar.michael22 at gmail.com
Mon May 25 17:44:45 BST 2020
- - - - - - - - - - - - - - - - - - -
Greetings,
A vulnerability was recently discovered regarding the jetforce server. There was a bug in the code that allowed maliciously crafted URLs to break out of the root directory and serve files from elsewhere on the filesystem [1].
I have fixed the issue and have uploaded a new release v0.2.3 to PyPI and GitHub [2][3]. This is a bugfix-only release and does not contain any other breaking changes. I now consider all versions < v0.2.3 to be insecure. If you are running jetforce, I strongly urge you to upgrade to the latest version as soon as possible.
Best,
Michael
[1] https://github.com/michael-lazar/jetforce/issues/24
[2] https://github.com/michael-lazar/jetforce/releases/tag/v0.2.3
[3] https://pypi.org/project/Jetforce/0.2.3/
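The class of bug described in this announcement is a request URL resolving to a file outside the served root directory. The following root-containment check is an added example, not part of the original message and not jetforce's code or its v0.2.3 fix. The function name `resolve_under_root`, the `example.org` host and the sample URLs are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
from typing import Optional
from urllib.parse import unquote, urlsplit


def resolve_under_root(root: str, url: str) -> Optional[str]:
    """Map a request URL to a path under root, or return None if it escapes.

    Hypothetical helper for illustration; not taken from jetforce.
    """
    root_real = os.path.realpath(root)
    # Decode percent-escapes before checking, so "%2e%2e" is seen as "..".
    rel = unquote(urlsplit(url).path)
    if "\x00" in rel:
        return None
    # Strip leading slashes: os.path.join would otherwise discard root
    # entirely when the second argument is an absolute path.
    candidate = os.path.realpath(os.path.join(root_real, rel.lstrip("/")))
    # realpath collapses ".." segments and follows symlinks, so the
    # comparison is made on the path the OS would actually open.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests against a constructed root directory.
    samples = [
        "gemini://example.org/index.gmi",
        "gemini://example.org/docs/../index.gmi",
        "gemini://example.org/../../etc/passwd",
        "gemini://example.org/%2e%2e/%2e%2e/etc/passwd",
    ]
    for sample in samples:
        print(sample, "->", resolve_under_root("/var/gemini", sample))
```

Checking the fully resolved path, rather than scanning the raw URL for `..`, also covers percent-encoded segments and symlinks inside the root that point elsewhere.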