Hello fellow Dancers.

We've been notified about a security issue that affects Dancer 1.3070. Indeed, since 1.3070, it was possible to abuse the static file serving feature to obtain files from a directory immediately above the directory configured to serve static files from.

This issue has been reported by Vladimir Lettiev and fixed by David Precious. Note that we've added more tests in the suite to make sure this issue cannot come back in future releases.

I published a security release yesterday: 1.3071, which provides the very patch needed to solve the issue.

Also be aware that the diff between 1.3070 and 1.3071 is minimal: it only provides the security fix:

http://search.cpan.org/diff?from=Dancer-1.3070&to=Dancer-1.3071

We strongly advise you to upgrade to 1.3071 if you're running under 1.3070 in production.

http://search.cpan.org/CPAN/authors/id/S/SU/SUKRIA/Dancer-1.3071.tar.gz

Thanks for your trust, and happy dancing.

--
Alexis Sukrieh -+- Hackers gonna hack!

“The problem with quotes on the Internet is that you can't always be sure of their authenticity.” -- Abraham Lincoln

http://sukria.net
http://twitter.com/sukria
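The following is an added example, not part of the announcement and not Dancer's code or the 1.3071 patch: a containment check of the kind a static file handler needs, with a small regression check for a file sitting in the directory immediately above the public directory. The helper name `resolve_static`, the directory layout and the request paths are hypothetical and constructed for illustration; a Unix-like filesystem is assumed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Hypothetical helper (not Dancer's API): map a request path to a file and
# return it only if the resolved file lies inside $public_dir.
sub resolve_static {
    my ($public_dir, $request_path) = @_;

    my $root = realpath($public_dir);
    return unless defined $root && -d $root;

    # NUL bytes have no place in a file request.
    return if $request_path =~ /\0/;

    # realpath() collapses "." and ".." segments and follows symlinks,
    # so the comparison below is made on the path the OS would open.
    my $resolved = realpath("$root/$request_path");
    return unless defined $resolved && -f $resolved;

    # Compare on a directory boundary so that "/app/public-old" is not
    # treated as being inside "/app/public".
    my $prefix = $root =~ m{/\z} ? $root : "$root/";
    return index($resolved, $prefix) == 0 ? $resolved : ();
}

# Constructed layout: app/public/index.html is meant to be served,
# app/secret.conf sits in the directory immediately above it.
my $app = tempdir(CLEANUP => 1);
mkdir "$app/public" or die "mkdir: $!";
for my $f ("$app/public/index.html", "$app/secret.conf") {
    open my $fh, '>', $f or die "open $f: $!";
    print {$fh} "constructed sample\n";
    close $fh or die "close $f: $!";
}

# Constructed request paths: one legitimate, one pointing at the parent
# directory, one that does not exist.
for my $req ('/index.html', '/../secret.conf', '/missing.txt') {
    my $file = resolve_static("$app/public", $req);
    printf "%-18s => %s\n", $req, defined $file ? 'serve' : 'refuse';
}
```

A check like this belongs in the test suite of any application that serves files from disk, so that a later refactoring of path handling cannot silently remove it.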