[2.2.x] Refs #32718 -- Corrected CVE-2021-31542 release notes.
Backport of d1f1417cae
from main.
This commit is contained in:
parent
88d9b28c0c
commit
3ba089ac7e
|
@ -13,5 +13,4 @@ CVE-2021-31542: Potential directory-traversal via uploaded files
|
||||||
directory-traversal via uploaded files with suitably crafted file names.
|
directory-traversal via uploaded files with suitably crafted file names.
|
||||||
|
|
||||||
In order to mitigate this risk, stricter basename and path sanitation is now
|
In order to mitigate this risk, stricter basename and path sanitation is now
|
||||||
applied. Specifically, empty file names and paths with dot segments will be
|
applied.
|
||||||
rejected.
|
|
||||||
|
|
Loading…
Reference in New Issue