From b4bfd995a39d9c536b07ed2e6294fa54dd68ccac Mon Sep 17 00:00:00 2001
From: "Tobias S. Josefowitz" <tobij@tobij.de>
Date: Wed, 7 Oct 2020 00:01:43 +0200
Subject: [PATCH] CHANGES: Document Tools.Standalone.httpserver directory
 traversal

---
 CHANGES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGES b/CHANGES
index df27c5bfef..3229d08bbb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -276,6 +276,11 @@ o Thread.ResourceCount
 
   Fixed mutex handling.
 
+o Tools.Standalone.httpserver
+
+  The builtin webserver tool shipped with Pike (pike -x httpserver) was
+  previously susceptible to a directory traversal attack via URL encoding.
+
 Building & Tools
 ----------------
 
-- 
GitLab