Return-Path: owner-new-httpd Received: by taz.hyperreal.com (8.6.10/8.6.5) id LAA03432; Tue, 28 Mar 1995 11:12:42 -0800 Received: from get.wired.com by taz.hyperreal.com (8.6.10/8.6.5) with ESMTP id LAA03425; Tue, 28 Mar 1995 11:12:40 -0800 Received: by get.wired.com (8.6.10/8.6.5) id LAA00551; Tue, 28 Mar 1995 11:12:25 -0800 Date: Tue, 28 Mar 1995 11:12:25 -0800 (PST) From: Brian Behlendorf To: new-httpd@hyperreal.com Subject: false alarm... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-new-httpd@hyperreal.com Precedence: bulk Reply-To: new-httpd@hyperreal.com I just checked with 0.2 and that security hole doesn't appear to exist, so one of us did something right :) My apologies - though any of you running 1.3R still with .cgi scripts should still implement it. You'll also have to excuse me as I'm recovering from a flu that had put me out of commission since Friday.... Brian --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/