mirror of
https://github.com/RsyncProject/rsync.git
synced 2026-04-25 16:49:42 -04:00
Mention the security fix.
This commit is contained in:
8
NEWS
8
NEWS
@@ -2,6 +2,14 @@ NEWS for rsync 2.6.3 (UNRELEASED)
|
||||
Protocol: 28 (unchanged)
|
||||
Changes since 2.6.2:
|
||||
|
||||
SECURITY FIXES:
|
||||
|
||||
- A bug in the sanitize_path routine (which affects a non-chrooted
|
||||
rsync daemon) could allow a user to specify an absolute path for
|
||||
certain options (but not for file-transfer names). If you're running
|
||||
a rsync daemon with chroot disabled, *please upgrade*, ESPECIALLY if
|
||||
the user privs you run rsync under is anything above "nobody".
|
||||
|
||||
OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
|
||||
|
||||
- Please note that the 2-line footer (output when verbose) now uses the
|
||||
|
||||
Reference in New Issue
Block a user