What’s new in Tornado 4.2.1
Jul 17, 2015
Security fix
This release fixes a path traversal vulnerability in
StaticFileHandler, in which files whose names started with thestatic_pathdirectory but were not actually in that directory could be accessed.