Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2018-1000544 and disable symlinks to avoid other security issues #376

Merged
merged 11 commits into from Aug 31, 2018
Merged

Fix CVE-2018-1000544 and disable symlinks to avoid other security issues #376

merged 11 commits into from Aug 31, 2018

Commits on Aug 23, 2018

  1. Fix CVE-2018-1000544 absolute path traversal 

    Small refactor along the way to centralize destination handling when no explicit path is given and a potential malicious one from the zipfile is used
    @bdewater
    bdewater committed Aug 23, 2018
    Copy the full SHA
    6e0d231 View commit details
    Browse the repository at this point in the history

  2. Fix CVE-2018-1000544 symlink path traversal 

    Not sure if the exception is the right way to go
    @bdewater
    bdewater committed Aug 23, 2018
    Copy the full SHA
    8e78311 View commit details
    Browse the repository at this point in the history

Commits on Aug 26, 2018

  1. Move jruby to allow failures matrix till crc uint 32 issues are resolved

    @vipulnsward @bdewater
    vipulnsward authored and bdewater committed Aug 26, 2018
    Copy the full SHA
    cf71583 View commit details
    Browse the repository at this point in the history

  2. Trigger CI again

    @bdewater
    bdewater committed Aug 26, 2018
    Copy the full SHA
    0586329 View commit details
    Browse the repository at this point in the history

  3. Add jwilk's path traversal tests

    @jdleesmiller
    jdleesmiller committed Aug 26, 2018
    Copy the full SHA
    9c468f3 View commit details
    Browse the repository at this point in the history

  4. Consolidate path traversal tests

    @jdleesmiller
    jdleesmiller committed Aug 26, 2018
    Copy the full SHA
    ffebfa3 View commit details
    Browse the repository at this point in the history

  5. Disable symlinks and check for path traversal

    @jdleesmiller
    jdleesmiller committed Aug 26, 2018
    Copy the full SHA
    3dd165b View commit details
    Browse the repository at this point in the history

  6. Expand from root rather than current working directory

    @jdleesmiller
    jdleesmiller committed Aug 26, 2018
    Copy the full SHA
    8a1de58 View commit details
    Browse the repository at this point in the history

Commits on Aug 27, 2018

  1. Bump version to 2.0.0

    @jdleesmiller
    jdleesmiller committed Aug 27, 2018
    Copy the full SHA
    ffb374c View commit details
    Browse the repository at this point in the history

  2. Bump version to 1.3.0

    @jdleesmiller
    jdleesmiller committed Aug 27, 2018
    Copy the full SHA
    cf35774 View commit details
    Browse the repository at this point in the history

  3. Bump version to 1.2.2

    @jdleesmiller
    jdleesmiller committed Aug 27, 2018
    1
    Copy the full SHA
    fd81bd5 View commit details
    Browse the repository at this point in the history