- 31 Jan, 2019 2 commits
Constance Okoghenun authored
-
Kamil Trzciński authored
RubyZip allows us to perform strong validation of expanded paths where we extract files. We introduce the following additional checks to extract routines:
1. None of the path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory, like `public/`,
4. The symlink source needs to exist ahead of time.
- 28 Jan, 2019 1 commit
GitLab Release Tools Bot authored
[ci skip]
- 22 Jan, 2019 1 commit
Kamil Trzciński authored
RubyZip allows us to perform strong validation of expanded paths where we extract files. We introduce the following additional checks to extract routines:
1. None of the path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory, like `public/`,
4. The symlink source needs to exist ahead of time.