Re: CVE-2015-1834 CC Path Traversal vulnerability

Dieu Cao <dcao@...>

Yes, that's the correct commit to cherry pick for the cc path traversal

CF Runtime PM

On Tue, May 26, 2015 at 12:30 AM, nota-ja <dev(a)> wrote:

I understand the CFF strongly recommends to upgrade to v208 or after, but
those (including us) who cannot immediately upgrade, I want to know if
is a workaround against this vulnerability.

I've found that there is a commit which seems related this vulnerability:

Cherry-picking this commit may be a workaround? Or we need another commits
to cherry-pick?

Thanks in advance.

View this message in context:
Sent from the CF Dev mailing list archive at
cf-dev mailing list

Join { to automatically receive all group messages.