v2.40.1 #600

joseluisq · 2025-12-08T02:58:59Z

joseluisq
Dec 8, 2025
Maintainer

This new v2.40.1 release brings important security bug fixes for users serving directories with symbolic links (symlinks) as well as other minor improvements.

Security vulnerability patch

This particular release patches a Symbolic link path traversal vulnerability (GHSA-459f-x8vq-xjjm)
Any web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.

We encourage users to update as soon as possible.

Fixes

9b7297c Update dependencies like async-compression, log, libc and others. Update dependencies 2025-12-08 #599 by @joseluisq
308f0d2 Fix incorrect symbolic link handling by @joseluisq

Refactorings

ce3a51c CI: Dedicated workflow for project documentation checks. Dedicated CI workflow for project documentation checks #596 by @mschoettle
dd43d06 Misc: Markdown format check support for project documentation. Format Markdown files with mdformat #597 by @mschoettle

For more details see the v2.40.1 milestone and the full changelog v2.40.0...v2.40.1.

This discussion was created from the release v2.40.1.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Static Web Server (SWS)

v2.40.1 #600

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Static Web Server (SWS)

v2.40.1 #600

Uh oh!

Uh oh!

joseluisq Dec 8, 2025 Maintainer

Replies: 0 comments

joseluisq
Dec 8, 2025
Maintainer