"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "docs/content/en/news/0.79.1-relnotes/index.md" between
hugo-0.80.0.tar.gz and hugo-0.81.0.tar.gz

About: Hugo is a static site generator that takes a source directory of Markdown files and templates and uses these as input to create a complete website (written in Go).

index.md  (hugo-0.80.0):index.md  (hugo-0.81.0)
--- ---
date: 2020-12-19 date: 2020-12-19
title: "Hugo 0.79.1: A couple of Bug Fixes" title: "Hugo 0.79.1: One Security Patch for Hugo on Windows"
description: "This version fixes a couple of bugs introduced in 0.79.0." description: "Disallow running of e.g. Pandoc in the current directory."
categories: ["Releases"] categories: ["Releases"]
images: images:
- images/blog/hugo-bug-poster.png - images/blog/hugo-bug-poster.png
--- ---
This is a bug-fix release with one important fix. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pando c documents if these binaries are found in the system `%PATH%` on Windows. Howev er, if a malicious file with the same name (`exe` or `bat`) was found in the cur rent working directory at the time of running `hugo`, the malicious command woul d be invoked instead of the system one.
* Improve LookPath [4a8267d6](https://github.com/gohugoio/hugo/commit/4a8267d64a Windows users who ran `hugo` inside untrusted Hugo sites were affected.
40564aced0695bca05249da17b0eab) [@bep](https://github.com/bep)
The origin of this issue comes from Go, see https://github.com/golang/go/issues/
38736
We have fixed this in Hugo by [using](https://github.com/gohugoio/hugo/commit/4a
8267d64a40564aced0695bca05249da17b0eab) a patched version of `exec.LookPath` fro
m https://github.com/cli/safeexec (thanks to [@mislav](https://github.com/mislav
) for the implementation).
Thanks to [@Ry0taK](https://github.com/Ry0taK) for the bug report.
 End of changes. 3 change blocks. 
3 lines changed or deleted 3 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)