- - For anyone who is parsing rsync's verbose output using a script,
- please note that the 2-line footer now uses the term "sent" instead
- of "wrote" and "received" instead of "read". If you are not parsing
- the numeric values out of this footer, your script would probably be
- better off using the empty line prior to the footer as the indicator
- that the verbose output is over.
+ - A bug in the sanitize_path routine (which affects a non-chrooted
+ rsync daemon) could allow a user to craft a pathname that would get
+ transformed into an absolute path for certain options (but not for
+ file-transfer names). If you're running an rsync daemon with chroot
+ disabled, *please upgrade*, ESPECIALLY if the user privs you run
+ rsync under is anything above "nobody".
+
+ OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
+
+ - Please note that the 2-line footer (output when verbose) now uses the
+ term "sent" instead of "wrote" and "received" instead of "read". If
+ you are not parsing the numeric values out of this footer, a script
+ would be better off using the empty line prior to the footer as the
+ indicator that the verbose output is over.
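Review bot: The added sanitize_path entry says the crafted pathname becomes absolute "for certain options" but never names them, so an admin running a daemon with chroot disabled cannot tell from this text which option handling is exposed or what to audit before upgrading. Consider listing the affected options, or at least stating that they are options supplied by the connecting user as distinct from file-transfer names, and referring to the daemon setting by its rsyncd.conf name ("use chroot") so the entry is searchable. Smaller points in the same entry: "the user privs you run rsync under is anything above" has a subject/verb mismatch and could read "if the user the daemon runs as has more privileges than nobody"; and in the reworded footer note, "output when verbose" would be clearer as "printed in verbose mode".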