URL Access restrictions bypass ================================ Description ------------- The mod_access restrictions could be bypassed by appending a "/" to the url. The access check is now run before and after the path info handling. mod_access is not loaded by default and it needs to be configured to be used. Affected versions ------------------- All previous versions. Solutions or Workaround ------------------------- There is no known workaround. Please update to 1.4.16 or apply lighttpd-1.4.x_mod_access_bypass.patch