-
Kevin Falcone authored
CGI.pm prevented us from being vulnerable to this by removing the .. and turning that into /Elements/Header which we shipped off to Login. 4.0 uses PSGI which does not normalize the .. so you can walk around NoAuth regex.
0e5e4222