You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by "Jeffrey W. Baker" <jw...@acm.org> on 2000/09/02 00:47:47 UTC

Announce: Apache::Session 1.53

Apache::Session 1.53 has been released.  Fixed in this release:

* Three bugs in the file handling code found by Erik Rantapaa and Bart
Shaefer. 

* A possible security vulnerability involving bogus session IDs like
'../../../../../etc/passwd'.  Don't worry, I wasn't able to actually think
of an exploit, but I put in sanity checks on the session IDs just in case.

Have fun,
Jeffrey Baker