muhttpd 1.1.4 Released

muhttpd 1.1.4 Released

Robbert Haarman


Posted by inglorion
at 2009-11-17 21:13:58

I have just released muhttpd 1.1.4.

This release adds sanitation of request URLs. Without that sanitation, anyone could read any file the muhttpd process has read access to.

This means that if you are running muhttpd versions older that 1.1.4, and you are not using the webroot directive to restrict the server to a specific directory tree, anyone who can make requests to your machine can read files such as /etc/passwd. Probably not what you want. Therefore, I strongly recommend that anyone who uses muhttpd upgrade to 1.1.4.