Augie, On Thursday, 2017-08-10 14:11:52 -0400, you wrote:
> ... > > CVE-2017-1000115: > > > > Mercurial's symlink auditing was incomplete prior to 4.3, and could be > > abused to write to files outside the repository. What precisely does that mean? Is it no longer possible to have a vers- ion controlled symbolic link somewhere in the working directory which points to some place outside the Mercurial repository? Some of my re- positories heavily depend on this :-( I searched the web for "CVE-2017-1000115", but found neither a detailed description of the problem nor of the solution. Anybody caring to shed some light on this? Sincerely, Rainer _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel