This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "snap-website".
The branch, master has been updated
via 2f03c47aac4df2faa2bac5387baf38e502433200 (commit)
from 8b76d4714c10d5b3eb94274861670926a59e0185 (commit)
Summary of changes:
.../content/2010/11/10/snap-0.2.16-released.md | 24 ++++++++++++++++++++
snap-website.cabal | 4 +-
src/Main.hs | 10 +-------
3 files changed, 27 insertions(+), 11 deletions(-)
create mode 100644 blogdata/content/2010/11/10/snap-0.2.16-released.md
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2f03c47aac4df2faa2bac5387baf38e502433200
Author: Gregory Collins <[email protected]>
Date: Wed Nov 10 21:47:57 2010 +0100
Bump website to 0.3, blog post for 0.2.16
diff --git a/blogdata/content/2010/11/10/snap-0.2.16-released.md
b/blogdata/content/2010/11/10/snap-0.2.16-released.md
new file mode 100644
index 0000000..b4c96aa
--- /dev/null
+++ b/blogdata/content/2010/11/10/snap-0.2.16-released.md
@@ -0,0 +1,24 @@
+| title: Announcing: Snap Framework v0.2.16
+| author: Gregory Collins <[email protected]>
+| published: 2010-11-10T21:48:00+0100
+| updated: 2010-11-10T21:48:00+0100
+| summary: Release notes for version 0.2.16 of the Snap Framework: a fix for a
critical security vulnerability
+
+Hi all,
+
+The Snap team is pleased to announce the release of Snap 0.2.16. **This release
+fixes a critical security vulnerability and all users of Snap should upgrade
+immediately.**
+
+Changes since 0.2.15
+=====================
+
+We're not entirely sure how we didn't catch this, but a commit made back in
+April of this year caused our fileServe code to have a critical vulnerability
+which allowed it to serve any file on the disk, including
+`/etc/passwd`. Obviously if you are using Snap's file serving code, you should
+upgrade to Snap 0.2.16 **immediately**.
+
+Thanks,
+
+--The Snap team
diff --git a/snap-website.cabal b/snap-website.cabal
index 2be88d1..4b1220b 100644
--- a/snap-website.cabal
+++ b/snap-website.cabal
@@ -27,8 +27,8 @@ Executable snap-website
MonadCatchIO-transformers >= 0.2 && < 0.3,
monads-fd,
process,
- snap-core >= 0.2.12 && <0.3,
- snap-server >= 0.2.12 && <0.3,
+ snap-core >= 0.3 && <0.4,
+ snap-server >= 0.3 && <0.4,
snap-static-pages >= 0.0.1 && <0.1,
text,
time,
diff --git a/src/Main.hs b/src/Main.hs
index 197b4fd..691d034 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -236,17 +236,9 @@ setLocaleToUTF8 = do
------------------------------------------------------------------------------
main :: IO ()
main = do
- args <- getArgs
- port <- case args of
- [] -> error "You must specify a port!" >> exitFailure
- (port:_) -> return $ read port
-
ss <- initSiteState
- (try $ httpServe "*" port "myserver"
- (Just "access.log")
- (Just "error.log")
- (site ss)) :: IO (Either SomeException ())
+ quickHttpServe (site ss)
putStrLn "exiting"
return ()
-----------------------------------------------------------------------
hooks/post-receive
--
snap-website
_______________________________________________
Snap mailing list
[email protected]
http://mailman-mail5.webfaction.com/listinfo/snap
