Created attachment 218112 [details] update to version 0.10.0 Update rest-server to latest version which fix a path traversal bug with a stricter path sanitization.
A commit references this bug: Author: dch Date: Sat Oct 17 13:27:55 UTC 2020 New revision: 552570 URL: https://svnweb.freebsd.org/changeset/ports/552570 Log: sysutils/rest-server: update to 0.10.0 PR: 249486 Submitted by: Massimo Lusetti <massimo@datacode.it> MFH: 2020Q4 Security: sanitize path to prevent path traversal vulnerabilities Sponsored by: SkunkWerks, GmbH Changes: head/sysutils/rest-server/Makefile head/sysutils/rest-server/distinfo
thanks Massimo! Glad to hear somebody else is also finding this useful.
A commit references this bug: Author: dch Date: Sat Oct 17 22:38:26 UTC 2020 New revision: 552609 URL: https://svnweb.freebsd.org/changeset/ports/552609 Log: MFH: r552570 sysutils/rest-server: update to 0.10.0 PR: 249486 Submitted by: Massimo Lusetti <massimo@datacode.it> Security: sanitize path to prevent path traversal vulnerabilities Sponsored by: SkunkWerks, GmbH Approved by: ports-secteam Changes: _U branches/2020Q4/ branches/2020Q4/sysutils/rest-server/Makefile branches/2020Q4/sysutils/rest-server/distinfo
(In reply to Dave Cottlehuber from comment #2) Incredibly useful! Thanks for let this go in and for the backporting in the quarterly branch!