send
Advanced tools
Comparing version 0.8.4 to 0.8.5
@@ -0,1 +1,6 @@ | ||
| 0.8.5 / 2014-09-04 | ||
| ================== | ||
| * Fix malicious path detection for empty string path | ||
| 0.8.4 / 2014-09-04 | ||
@@ -2,0 +7,0 @@ ================== |
@@ -418,3 +418,3 @@ | ||
| // malicious path | ||
| if (path.substr(0, root.length) !== root) { | ||
| if ((path + sep).substr(0, root.length) !== root) { | ||
| debug('malicious path "%s"', path) | ||
@@ -421,0 +421,0 @@ return this.error(403) |
| { | ||
| "name": "send", | ||
| "description": "Better streaming static file server with Range and conditional-GET support", | ||
| "version": "0.8.4", | ||
| "version": "0.8.5", | ||
| "author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -28,3 +28,3 @@ "contributors": [ | ||
| "devDependencies": { | ||
| "istanbul": "0.3.0", | ||
| "istanbul": "0.3.2", | ||
| "mocha": "~1.21.0", | ||
@@ -31,0 +31,0 @@ "should": "~4.0.0", |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.38%
27344
No dependency changes