On May 29, 2008, at 7:21 AM, Damian wrote:
Just to clarify, will upgrading to routes 1.8 also resolve the problem, and does just upgrading pylons resolve the problem?
Upgrading Pylons will force Routes to 1.7.3 which is a partial fix. Routes 1.8 upgrade has the same effect. It fixes the immediate vulnerability, but changing your error.py controller to either remove those methods, or use the StaticURLParser is the best way to ensure the problem is resolved.
Cheers, Ben
smime.p7s
Description: S/MIME cryptographic signature
