VERSION: release v0.4.1 #48

Merged
merged 2 commits into from
Jan 28, 2025


@cyphar cyphar commented Jan 28, 2025

github.com/cyphar/filepath-securejoin v0.4.1

This release fixes a regression introduced in one of the hardening
features added to filepath-securejoin 0.4.0.

- The restrictions added for root paths passed to SecureJoin in 0.4.0
  were found to be too strict and caused some regressions when folks
  tried to update, so this restriction has been relaxed to only return
  an error if the path contains a ".." component. We still recommend
  users use filepath.Clean (and even filepath.EvalSymlinks) on the root
  path they are using, but at least you will no longer be punished for
  "trivial" unclean paths.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

@cyphar cyphar merged commit f277210 into main Jan 28, 2025
40 checks passed
@cyphar cyphar deleted the release-0.4.1 branch January 28, 2025 11:31
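
An added example, not code from this pull request or from filepath-securejoin: a caller-side sketch of the advice in the release notes, rejecting a root path only when it has a ".." component and otherwise normalising it with filepath.Clean and filepath.EvalSymlinks. The names `hasDotDot`, `prepareRoot` and `errDotDotRoot` are hypothetical, it uses only the standard library, and the directory layout in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errDotDotRoot = errors.New(`root path contains a ".." component`)
// hasDotDot reports whether a component is exactly ".."; "..data" or "a..b" do not match.
func hasDotDot(path string) bool {
	for _, part := range strings.Split(filepath.ToSlash(path), "/") {
		if part == ".." {
			return true
		}
	}
	return false
}

// prepareRoot is a hypothetical caller-side helper: reject a root with a ".."
// component, then Clean and EvalSymlinks it before using it as the root.
func prepareRoot(root string) (string, error) {
	if hasDotDot(root) {
		return "", fmt.Errorf("%q: %w", root, errDotDotRoot)
	}
	return filepath.EvalSymlinks(filepath.Clean(root))
}

func main() {
	// Constructed sample layout: <tmp>/rootfs plus a symlink <tmp>/current.
	tmp, err := os.MkdirTemp("", "root-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(tmp)
	target := filepath.Join(tmp, "rootfs")
	if err := os.Mkdir(target, 0o755); err != nil {
		panic(err)
	}
	if err := os.Symlink(target, filepath.Join(tmp, "current")); err != nil {
		panic(err)
	}
	for _, root := range []string{tmp + "//current/./", target + "/../rootfs"} {
		resolved, err := prepareRoot(root)
		fmt.Printf("%q -> %q, err=%v\n", root, resolved, err)
	}
}
```

The ".." check runs on the raw string before filepath.Clean, because Clean removes ".." lexically and the check would otherwise never fire.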