diff options
| author | ianb <devnull@localhost> | 2006-06-22 04:56:38 +0000 |
|---|---|---|
| committer | ianb <devnull@localhost> | 2006-06-22 04:56:38 +0000 |
| commit | 1f8bbe9c6a9ed81fe4b689378c1a10f1bf0ec8b3 (patch) | |
| tree | 900238ed378162929160f92eda48f65b920227c6 | |
| parent | 2c2b438bac570e38c62f004a194574c8b1a30bba (diff) | |
| download | paste-0.9.4.tar.gz | |
Rearranged news a little0.9.4
| -rw-r--r-- | docs/news.txt | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/docs/news.txt b/docs/news.txt index 7162570..e97e461 100644 --- a/docs/news.txt +++ b/docs/news.txt @@ -6,7 +6,11 @@ NEWS 0.9.4 ----- -* More control of where the output of ``paste.debug.prints`` goes +* Fixed a security vulnerability in ``paste.urlparser``'s StaticURLParser + and PkgResourcesParser where, with some servers, you could escape + the document root. + +* More control of where the output of ``paste.debug.prints`` goes. * Added a warning to ``paste.wsgilib.add_close`` if the upstream app_iter consumer doesn't call the ``app_iter.close()`` method. @@ -19,8 +23,11 @@ NEWS * Fixed ``paste.urlparser`` classes to handle quoted characters (e.g. %20) in URL paths. -* Fixed a security vulnerability in ``paste.urlparser``'s StaticURLParser - and PkgResourcesParser when running under paste's httpserver. +* Changed ``paste.session`` to allow manipulating a session for the + first time after ``start_response`` is called. + +* Added ``paste.wsgilib.add_start_close`` which calls a function just + before returning the first chunk of the app_iter. 0.9.3 ----- |