I'm checking that this parameter wasn't set by mistake.
The parameter allows a symlink to point to somewhere outside of the static directory. Symlinks that point within the directory will work without enabling this parameter (it's badly named). Therefore enabling this option could make it easy to misconfigure an environment and introduce security issues.
If you're absolutely sure you need this parameter, then please ensure your server is upgraded to aiohttp 3.9.2 immediately (security advisory will be published about this tomorrow).
I'm checking that this parameter wasn't set by mistake. The parameter allows a symlink to point to somewhere outside of the static directory. Symlinks that point within the directory will work without enabling this parameter (it's badly named). Therefore enabling this option could make it easy to misconfigure an environment and introduce security issues.
If you're absolutely sure you need this parameter, then please ensure your server is upgraded to aiohttp 3.9.2 immediately (security advisory will be published about this tomorrow).