TheCloud/hugoDocs
1
0
Fork 0
mirror of https://github.com/gohugoio/hugoDocs.git synced 2025-09-14 05:54:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

Release v0.79.1

Browse Source
This commit is contained in:
Bjørn Erik Pedersen 2020-12-19 17:26:27 +01:00
parent 2d4583d43b
commit f7ac0e59d9
No known key found for this signature in database
GPG Key ID: 330E6E2BD4859D8F
2 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
content/en/news/0.79.1-relnotes/index.md
View File

@ -1,19 +1,22 @@
---
date: 2020-12-19
title: "Hugo 0.79.1: A couple of Bug Fixes"
description: "This version fixes a couple of bugs introduced in 0.79.0."
title: "Hugo .79.1: One Security Patch for Hugo on Windows"
description: "Disallow running of e.g. Pandoc in the current directory."
categories: ["Releases"]
images:
- images/blog/hugo-bug-poster.png
---
Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. However, if a malicious file with the same name (`exe` or `bat`) was found in the current working directory at the time of running `hugo`, the malicious command would be invoked instead of the system one.
This is a bug-fix release with one important fix.
* Improve LookPath [4a8267d6](https://github.com/gohugoio/hugo/commit/4a8267d64a40564aced0695bca05249da17b0eab) [@bep](https://github.com/bep)
Windows users who ran `hugo` inside untrusted Hugo sites was affected.
The origin of this issue comes from Go, see https://github.com/golang/go/issues/38736
We have fixed this in Hugo by [using](https://github.com/gohugoio/hugo/commit/4a8267d64a40564aced0695bca05249da17b0eab) a patched version of `exec.LookPath` from https://github.com/cli/safeexec (thanks to [@mislav](https://github.com/mislav)) for the implementation).
Thanks to [@Ry0taK](https://github.com/Ry0taK) for the bug report.

8
netlify.toml
View File

@ -3,7 +3,7 @@ publish = "public"
command = "hugo --gc --minify"
[context.production.environment]
HUGO_VERSION = "0.79.0"
HUGO_VERSION = "0.79.1"
HUGO_ENV = "production"
HUGO_ENABLEGITINFO = "true"
@ -11,20 +11,20 @@ HUGO_ENABLEGITINFO = "true"
command = "hugo --gc --minify --enableGitInfo"
[context.split1.environment]
HUGO_VERSION = "0.79.0"
HUGO_VERSION = "0.79.1"
HUGO_ENV = "production"
[context.deploy-preview]
command = "hugo --gc --minify --buildFuture -b $DEPLOY_PRIME_URL"
[context.deploy-preview.environment]
HUGO_VERSION = "0.79.0"
HUGO_VERSION = "0.79.1"
[context.branch-deploy]
command = "hugo --gc --minify -b $DEPLOY_PRIME_URL"
[context.branch-deploy.environment]
HUGO_VERSION = "0.79.0"
HUGO_VERSION = "0.79.1"
[context.next.environment]
HUGO_ENABLEGITINFO = "true"