From 6d43a979b8a60ee4c74d51bf739cb07a0043ac61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sat, 7 Mar 2026 18:54:01 +0100
Subject: [PATCH] Hardenened security of deleteLogEndpoint

---
 src/Services/System/UpdateExecutor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Services/System/UpdateExecutor.php b/src/Services/System/UpdateExecutor.php
index fca7d1fa..6704517a 100644
--- a/src/Services/System/UpdateExecutor.php
+++ b/src/Services/System/UpdateExecutor.php
@@ -613,7 +613,7 @@ class UpdateExecutor
             return false;
         }
 
-        $logPath = $this->project_dir . '/' . self::UPDATE_LOG_DIR . '/' . $filename;
+        $logPath = $this->project_dir . '/' . self::UPDATE_LOG_DIR . '/' . basename($filename);
 
         if (!file_exists($logPath)) {
             return false;