
























26 Nov 2017
We’ve just released restic 0.8.0. It brings the new awesome metadata cache which will speed up many operations, you may need to run restic prune once to fully see it in action.
For downloading the new release and see a more detailed list of important changes, head over to GitHub. As always, thanks for reporting any issues you encounter! Or just write a post in the forum.
This release also corrects a (low risk) vulnerability. When attackers are able to create files with arbitrary names on a Linux/Unix system in a directory that is saved with restic, it may happen that when the directory is restored on a Windows system to write files outside the target directory for the restore.
It works as follows:
..\test.txt, which is a valid filename on Linux...\test.txt again. But if it restored on Windows, it’ll be placed in the parent directory of the target directory (because ..\ refers to the parent).We think this situation will not occur very often, so it is estimated to be of low risk. Nevertheless we’ve made sure that the behavior is changed, and now restic refuses to write files outside the target directory during restore.
We’d like to thank Tyler Spivey for reporting the vulnerability responsibly!
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。