Archived View for gemi.dev › gemini-mailing-list › 000147.gmi captured on 2023-11-04 at 12:28:43.
-=-=-=-=-=-=-
Greetings,

A vulnerability was recently discovered regarding the jetforce server. There was a bug in the code that allowed maliciously crafted URLs to break out of the root directory and serve files from elsewhere on the filesystem [1].

I have fixed the issue and have uploaded a new release v0.2.3 to PyPI and GitHub [2][3]. This is a bugfix-only release and does not contain any other breaking changes.

I now consider all versions < v0.2.3 to be insecure. If you are running jetforce, I strongly urge you to upgrade to the latest version as soon as possible.

Best,
Michael

[1] https://github.com/michael-lazar/jetforce/issues/24
[2] https://github.com/michael-lazar/jetforce/releases/tag/v0.2.3
[3] https://pypi.org/project/Jetforce/0.2.3/
---
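The class of bug described in the announcement above, as an added example that is not jetforce's code or its actual fix: a static file handler that joins the URL path onto the root directory, beside one that resolves the path and verifies it is still under the root. The function names, host name and file layout are assumptions constructed for illustration.

```python
# Added example, not jetforce's code; names and layout are assumptions.
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote, urlparse


def naive_resolve(root: Path, url: str) -> Path:
    """The mistake: join the decoded URL path onto the root and trust it."""
    rel = unquote(urlparse(url).path).lstrip("/")
    return Path(os.path.join(root, rel))


def safe_resolve(root: Path, url: str) -> Optional[Path]:
    """Return the file to serve, or None when the request leaves the root."""
    rel = unquote(urlparse(url).path).lstrip("/")
    root = root.resolve()
    # resolve() collapses ".." segments and follows symlinks, so the
    # containment check runs on the path the OS would actually open.
    candidate = (root / rel).resolve()
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/root/index.gmi and <tmp>/secret.txt.

    Maps each URL to (naive path stays inside root, safe_resolve serves it).
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "root"
        root.mkdir()
        (root / "index.gmi").write_text("# hello\n")
        (base / "secret.txt").write_text("outside the root\n")
        results = {}
        for url in ("gemini://example.org/index.gmi",
                    "gemini://example.org/../secret.txt",
                    "gemini://example.org/%2e%2e/secret.txt"):
            naive = naive_resolve(root, url).resolve()
            results[url] = (root in naive.parents,
                            safe_resolve(root, url) is not None)
        return results


if __name__ == "__main__":
    for url, outcome in demo().items():
        print(url, outcome)
```

The percent-encoded case shows why the check belongs after decoding and resolution rather than as a string match on the raw URL.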