[Winstone-devel] Winstone security issue

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

Our security scanner appliance flagged Winstone v0.9.10 for allowing the
"../" syntax to be able to pull any readable file off of the system via
HTTP without authentication.  Is there an update to Winstone that fixes
this issue, or is there a configuration setting that can plug this hole?

-john-