Bug 249486

Summary: sysutils/rest-server: Update 0.10.0
Product: Ports & Packages Reporter: Massimo Lusetti <massimo>
Component: Individual Port(s)Assignee: Dave Cottlehuber <dch>
Status: Closed FIXED    
Severity: Affects Only Me Flags: bugzilla: maintainer-feedback? (dch)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
update to version 0.10.0 none

Description Massimo Lusetti 2020-09-20 17:46:44 UTC
Created attachment 218112 [details]
update to version 0.10.0

Update rest-server to latest version which fix a path traversal bug with a stricter path sanitization.
Comment 1 commit-hook freebsd_committer 2020-10-17 13:28:43 UTC
A commit references this bug:

Author: dch
Date: Sat Oct 17 13:27:55 UTC 2020
New revision: 552570
URL: https://svnweb.freebsd.org/changeset/ports/552570

Log:
  sysutils/rest-server: update to 0.10.0

  PR:		249486
  Submitted by:	Massimo Lusetti <massimo@datacode.it>
  MFH:		2020Q4
  Security:	sanitize path to prevent path traversal vulnerabilities
  Sponsored by:	SkunkWerks, GmbH

Changes:
  head/sysutils/rest-server/Makefile
  head/sysutils/rest-server/distinfo
Comment 2 Dave Cottlehuber freebsd_committer 2020-10-17 13:55:38 UTC
thanks Massimo! Glad to hear somebody else is also finding this useful.
Comment 3 commit-hook freebsd_committer 2020-10-17 22:39:04 UTC
A commit references this bug:

Author: dch
Date: Sat Oct 17 22:38:26 UTC 2020
New revision: 552609
URL: https://svnweb.freebsd.org/changeset/ports/552609

Log:
  MFH: r552570

  sysutils/rest-server: update to 0.10.0

  PR:		249486
  Submitted by:	Massimo Lusetti <massimo@datacode.it>
  Security:	sanitize path to prevent path traversal vulnerabilities
  Sponsored by:	SkunkWerks, GmbH

  Approved by:	ports-secteam

Changes:
_U  branches/2020Q4/
  branches/2020Q4/sysutils/rest-server/Makefile
  branches/2020Q4/sysutils/rest-server/distinfo
Comment 4 Massimo Lusetti 2020-10-18 13:33:01 UTC
(In reply to Dave Cottlehuber from comment #2)

Incredibly useful!

Thanks for let this go in and for the backporting in the quarterly branch!