| tag | 4f91f8c3518e4b49a28ad88a25dbce38e853b611 | |
| object | a1c4506c011b071a9aef0145827b51ffe4d5cd60 | commit |
| author | Eric Wong <normalperson@yhbt.net> | |
| Tue, 6 Dec 2011 02:58:56 +0000 (5 18:58 -0800) |
clogger 1.1.0 - more escaping!
This release fixes potential vulnerabilities when escape
sequences are viewed in certain terminals.
The 0x7F-0xFF byte range is escaped to match behavior of nginx
1.0.9+, as some character sets may have escape characters in
that range.
$cookie_* values are now escaped to be consistent with the
behavior of the $http_cookie value. All users of $cookie_* in
their log format must upgrade (of course there may be no
Clogger users other than myself, and I don't use $cookie_*)
This release fixes potential vulnerabilities when escape
sequences are viewed in certain terminals.
The 0x7F-0xFF byte range is escaped to match behavior of nginx
1.0.9+, as some character sets may have escape characters in
that range.
$cookie_* values are now escaped to be consistent with the
behavior of the $http_cookie value. All users of $cookie_* in
their log format must upgrade (of course there may be no
Clogger users other than myself, and I don't use $cookie_*)