TurboGears 0.8.8 security fix release

Jan 10, 2006 18:21

I have just released TurboGears 0.8.8. The only change from 0.8.7 is the requirement of CherryPy 2.1.1.

The staticfilter of CherryPy 2.1.0 has a serious security flaw that would allow people to retrieve files from “..”. You should update as soon as possible:

Thanks to Remi Delon and the others on the CherryPy team for a fast fix and release on this issue!
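
The class of flaw described above, as an added example that is not part of the original post and is not CherryPy's staticfilter code: a static-file resolver that decodes the request path, canonicalizes it, and refuses anything that lands outside the static root. The function names, the directory layout and the sample requests are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_static(root, url_path):
    """Map a request path onto a file under root, or return None.

    Added illustration only; this is not CherryPy's staticfilter code.
    """
    root = os.path.realpath(root)
    # Decode percent-escapes first so "%2e%2e" is checked as "..".
    rel = unquote(url_path).replace("\\", "/").lstrip("/")
    if "\x00" in rel:
        return None
    # realpath collapses ".." segments and follows symlinks, so the
    # containment check below sees the file that would really be opened.
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and probe it with sample paths."""
    with tempfile.TemporaryDirectory() as base:
        static = os.path.join(base, "static")
        os.makedirs(os.path.join(static, "css"))
        with open(os.path.join(static, "css", "site.css"), "w") as f:
            f.write("body {}")
        # Constructed file outside the static root that must never be served.
        with open(os.path.join(base, "prod.cfg"), "w") as f:
            f.write("constructed secret")
        requests = [
            "/css/site.css",
            "/css/../css/site.css",  # ".." that stays inside the root
            "/../prod.cfg",
            "/css/../../prod.cfg",
            "/%2e%2e/prod.cfg",      # percent-encoded ".."
            "/..\\prod.cfg",         # backslash separator
        ]
        return {p: resolve_static(static, p) is not None for p in requests}


if __name__ == "__main__":
    for path, served in demo().items():
        print(f"{'serve ' if served else 'reject'}  {path}")
```

The containment check runs on the canonical path rather than on the raw string, so a `..` that stays inside the root is still served while every form that escapes it is refused.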