add

git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/branches/stable_1-1@937 19e92222-5c0b-0410-8929-a290d50e31e9

2 files changed, 14 insertions, 0 deletions

diff --git a/site/src/news.include b/site/src/news.include
index aa20fcd..646ad6c 100644
--- a/site/src/news.include
+++ b/site/src/news.include
@@ -1,4 +1,14 @@
 <dl>
+
+  <dt>Dec-29-2007</dt>
+  <dd>
+  <h5><a href="{relocatable: news.html}">Mongrel 1.1.3 and 1.0.5, security update</a></h5>
+  
+  <p>Mongrel 1.1.3 and 1.0.5 are out. They fix a security flaw in the DirHandler as reported on the list. You should upgrade when you get the chance.</p>
+  <a href="http://rubyforge.org/frs/?group_id=1306" title="Downloads">Download</a>
+  <a href="{relocatable: news.html}"><img src="{relocatable: images/li4.gif}" alt="more" /><br /></a></p>
+  </dd>
+
   <dt>Dec-15-2007</dt>
   <dd>
   <h5><a href="{relocatable: news.html}">Mongrel 1.1.2, holiday edition</a></h5>
diff --git a/site/src/news.page b/site/src/news.page
index 712d584..322aab0 100644
--- a/site/src/news.page
+++ b/site/src/news.page
@@ -7,6 +7,10 @@ ordering: 2
 
 h1. Latest News
 
+h2. Dec 29: Mongrel 1.1.3 and 1.0.5, security update. For serious.
+
+Mongrel 1.1.3 and 1.0.5 are out. They fix a security flaw in the DirHandler as reported on the list. The flaw may or may not be already mitigated by your proxy configuration, but you should upgrade when you get the chance (or downgrade to 1.0.3).
+
 h2. Dec 15: Mongrel 1.1.2, holiday edition.
 
 Mongrel 1.1.2 is out. It fixes a few bugs and adds JRuby 1.0.x compatibility.