Greetings!

*** Eugene Medvedev [2025-09-19 07:46]:
>As it currently stands, NNCP is vulnerable to path traversal attacks with
>freq and file functions: Despite the requirement for both to supply full path
>in configuration, both types of packets will accept and act upon paths
>containing "..".

Unfortunately it is so indeed. Shame on me for missing that check!
Thanks for the patch! I merged it into develop branch. May I add you to
the THANKS file? If yes, should I add your email there? After that I
will make a new release.

-- 
Sergey Matveev (http://www.stargrave.org/)
LibrePGP: 12AD 3268 9C66 0D42 6967  FD75 CB82 0563 2107 AD8A