Documented security fix in changelog

14 years ago · b92120b190
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -40,6 +40,9 @@ Bugfix release, release date to be announced.
  module setups.
 - Fixed an issue where the subdomain setting for modules was
  ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.

 Version 0.6
 -----------