This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters . CVE-2015-8560: fixed code execution via improper escaping of ; .