Mercurial 4.1.3 released
Augie Fackler
raf at durin42.com
Tue Apr 18 15:30:22 UTC 2017
This is the warned-of security release which resolves an issue with `hg serve --stdio` unintentionally exposing the Python debugger to all users. Please update your packages ASAP. Thanks!
Note that this issue is present in all released versions of Mercurial - if you're packaging old versions, you'll need to back port the part of the patch that lives in dispatch.py, and presumably also the hg-ssh bit if you package that for your users as well.
Sorry for the extra work. We'll gladly review any backported patches as needed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://www.mercurial-scm.org/pipermail/mercurial-packaging/attachments/20170418/05354267/attachment.sig>
More information about the Mercurial-packaging
mailing list