What's new in Tornado 4.2.1

docs/releases/v4.2.1.rst

6.5.5324 B

What's new in Tornado 4.2.1

Jul 17, 2015

Security fix


* This release fixes a path traversal vulnerability in `.StaticFileHandler`,
  in which files whose names *started with* the ``static_path`` directory
  but were not actually *in* that directory could be accessed.