This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cb236c5)
perldelta for ba0a4150f
authorFather Chrysostomos <sprout@cpan.org>
Wed, 14 Sep 2016 05:54:49 +0000 (22:54 -0700)
committerFather Chrysostomos <sprout@cpan.org>
Wed, 14 Sep 2016 05:55:44 +0000 (22:55 -0700)
pod/perldelta.pod patch | blob | blame | history

diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 5b46249..e53cb88 100644 (file)
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -33,7 +33,14 @@ XXX Any security-related notices go here.  In particular, any security
 vulnerabilities closed should be noted here rather than in the
 L</Selected Bug Fixes> section.
 
-[ List each security issue as a =head2 entry ]
+=head2 "Escaped" colons and relative paths in PATH
+
+On Unix systems, Perl treats any relative paths in the PATH environment
+variable as tainted when starting a new process.  Previously, it was
+allowing a backslash to escape a colon (unlike the OS), consequently
+allowing relative paths to be considered safe if the PATH was set to
+something like C</\:.>.  The check has been fixed to treat C<.> as tainted
+in that example.
 
 =head1 Incompatible Changes
 
Unnamed repository; edit this file 'description' to name the repository.