Beanstalkd 1.4.6 Security Release Notes
This is a security fix and bugfix release.
As always, there will be no incompatible protocol changes until version 2.0. A client written for version 1.4.6 will work unmodified with any later 1.x release of beanstalkd.
- The put command now discards the entire job body before returning JOB_TOO_BIG. Previously, it interpreted the job body as commands. This was a potential security hole, where malicious users could craft job payload data to inject commands without cooperation from the beanstalk client application.
- Fix issue #40 by requiring an absolute path when
-bis used with
Full list of changes in this release (includes authorship information):
Download the 1.4.6 tarball directly:
Learn all about beanstalk:
Talk about beanstalk development or use at:
Please report any bugs to: