File tree Expand file tree Collapse file tree 1 file changed +12
-0
lines changed
Expand file tree Collapse file tree 1 file changed +12
-0
lines changed Original file line number Diff line number Diff line change 11Version 0.19.0 - 2023-06-15
22
3+ Fixed path traversal vulnerability in file uploads when
4+ generate_random_filename_on_upload is disabled.
5+ Fixed TOCTOU race in file_response by replacing stat-then-open with
6+ open-then-fstat; added O_NOFOLLOW on non-Windows.
7+ Fixed file descriptor leaks in file_response on lseek failure and
8+ zero-size file paths.
9+ Fixed NULL pointer dereference when MHD_get_connection_info returns
10+ nullptr for TCP_NODELAY.
11+ Fixed uninitialized _file_size in file_info.
12+ Fixed auth skip path bypass via path traversal (e.g. /public/../protected).
13+ Fixed use of free() instead of MHD_free() for digest auth username.
14+ Fixed unchecked write error during file upload.
315 Considering family_url as part of the priority when selecting a URL to match.
416 More explicit selection of C++ version.
517 Ability to handle multiple parameters with the same name on the URL.
You can’t perform that action at this time.
0 commit comments