In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.Referenceshttps://www.hiawatha-webserver.org/changelog
