Hot on the heels of 1.4.5, we have another update, fixing a potential security hole.
This is a security fix and bugfix release. As always, there will be no incompatible protocol changes until version 2.0. A client written for version 1.4.6 will work unmodified with any later 1.x release of beanstalkd. What's New ---------- * The put command now discards the entire job body before returning JOB_TOO_BIG. Previously, it interpreted the job body as commands. This was a potential security hole, where malicious users could craft job payload data to inject commands without cooperation from the beanstalk client application. * Fix issue #40 by requiring an absolute path when `-b` is used with `-d`. Full list of changes in this release (includes authorship information): <http://github.com/kr/beanstalkd/compare/v1.4.5...v1.4.6> Our Urls -------- Download the 1.4.6 tarball directly: <http://xph.us/dist/beanstalkd/beanstalkd-1.4.6.tar.gz> Learn all about beanstalk: <http://kr.github.com/beanstalkd/> Talk about beanstalk development or use at: <http://groups.google.com/group/beanstalk-talk> Bugs ---- Please report any bugs to: <http://github.com/kr/beanstalkd/issues> kr -- You received this message because you are subscribed to the Google Groups "beanstalk-talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/beanstalk-talk?hl=en.
