From 222f47c042fcdb9732d8d068ab17a1f611c22be1 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 22 Dec 2015 07:24:10 -0500 Subject: [PATCH] Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) --- CHANGELOG | 1 + .htaccess | 2 +- 2 files changed, 2 insertions(+), 1 deletions(-) diff --git a/.htaccess b/.htaccess index 9035952..26fec1a 100644 --- a/.htaccess +++ b/.htaccess @@ -31,7 +31,7 @@ # security rules: # - deny access to files not containing a dot or starting with a dot # in all locations except installer directory -RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F] +RewriteRule ^(?!installer|\.well-known\/)(\.?[^\.]+)$ - [F] # - deny access to some locations RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] # - deny access to some documentation files diff --git a/CHANGELOG b/CHANGELOG index 99d4d2e..db31680 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,7 @@ - Fix PDF support detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) +- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) RELEASE 1.0.7 ------------- -- Gitblit v1.9.1