On Mon, Feb 8, 2016 at 1:43 PM, George Neuner <gneun...@comcast.net> wrote: > On Mon, 8 Feb 2016 11:16:03 -0500, Sam Tobin-Hochstadt > <sa...@cs.indiana.edu> wrote: > >>The vulnerability affects web servers that serve static files using >>the `#:extra-static-files` option, including the default value of this >>option. > > Um ... where is that keyword used? Or documented? > > I'm using 6.1.1 (yes, I know I'm behind) and I searched the full > source but I can't find "extra-static-files" anywhere. > > In 6.1.1 serve/servlet appears to use #:extra-files-paths for the > stated purpose.
That's a typo in the message, which I've now corrected in the corresponding blog post. Thanks for pointing it out. >>If you cannot immediately upgrade to version 6.4, we have provided a >>package catalog with updated versions of the "web-server-lib" package >>for versions of Racket back to 6.0. That catalog is located at >> >> http://download.racket-lang.org/patches/web-server-1/ > > I get a 404 error. There is indeed no index.html file for that directory, but the appropriate files are there for the catalog, for example: http://download.racket-lang.org/patches/web-server-1/pkgs-all Sam -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
