[jifty-devel] SECURITY UPDATE: Jifty 0.60706
jesse at bestpractical.com
Fri Jul 7 00:36:25 EDT 2006
Heads up! We ran into a potentially exploitable hole in Jifty's
(when paired with the standalone webserver) this afternoon. You really
should update your Jifty applications to this latest release as soon
I'm terribly sorry for any trouble this might have caused you.

* SECURITY UPDATE: Previous versions of Jifty did not
protect users against a class of remote data access vulnerability.
attacker knew the structure of your local filesystem and you were
the "standalone" webserver in production, the attacker could gain
only access to local files.

We found this vulnerability on 6 July 2006 during an internal
scan. We've added new tests to ensure that these and other similar
vulnerabilities don't recur.

We recommend that ALL users of Jifty UPGRADE to 0.60706 IMMEDIATELY.