Jekyll 1.5.1 Released ∞ release 28 Mar 2014 parkr The hawk-eyed @gregose spotted a bug in our Jekyll.sanitized_path code: > sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd") => "/tmp/foobar/jail/../../../etc/passwd" Well, we can’t have that! In 1.5.1, you’ll instead see: > sanitized_path("/tmp/foobar/jail", "..c:/..c:/..c:/etc/passwd") => "/tmp/foobar/jail/..c:/..c:/..c:/etc/passwd" Luckily not affecting 1.4.x, this fix will make 1.5.0 that much safer for the masses. Thanks, Greg!