diff -Nru ruby-liquid-2.6.0/History.md ruby-liquid-2.6.1/History.md
--- ruby-liquid-2.6.0/History.md 2013-12-09 16:18:14.000000000 +0000
+++ ruby-liquid-2.6.1/History.md 2014-01-27 22:38:45.000000000 +0000
@@ -3,7 +3,13 @@
 IMPORTANT: Liquid 2.6 is going to be the last version of Liquid which maintains explicit Ruby 1.8 compatability. The following releases will only be tested against Ruby 1.9 and Ruby 2.0 and are likely to break on Ruby 1.8.
-## 2.6.0 / 2013-11-25 / branch "2.6-stable"
+## 2.6.1 / 2014-01-10 / branch "2-6-stable"
+
+Security fix, cherry-picked from master (4e14a65):
+* Don't call to_sym when creating conditions for security reasons, see #273 [Bouke van der Bijl, bouk]
+* Prevent arbitrary method invocation on condition objects, see #274 [Dylan Thacker-Smith, dylanahsmith]
+
+## 2.6.0 / 2013-11-25
 * ...
 * Bugfix for #106: fix example servlet [gnowoel]
Binary files /tmp/AShuRA06aJ/ruby-liquid-2.6.0/checksums.yaml.gz and /tmp/j1XHeenf7P/ruby-liquid-2.6.1/checksums.yaml.gz differ
diff -Nru ruby-liquid-2.6.0/debian/changelog ruby-liquid-2.6.1/debian/changelog
--- ruby-liquid-2.6.0/debian/changelog 2013-12-09 16:29:02.000000000 +0000
+++ ruby-liquid-2.6.1/debian/changelog 2014-02-01 19:24:01.000000000 +0000
@@ -1,3 +1,9 @@
+ruby-liquid (2.6.1-1) unstable; urgency=medium
+
+ * Imported Upstream version 2.6.1
+
+ -- Cédric Boutillier Sat, 01 Feb 2014 19:30:53 +0100
+
 ruby-liquid (2.6.0-1) unstable; urgency=medium
 * Imported Upstream version 2.6.0
diff -Nru ruby-liquid-2.6.0/lib/liquid/tags/if.rb ruby-liquid-2.6.1/lib/liquid/tags/if.rb
--- ruby-liquid-2.6.0/lib/liquid/tags/if.rb 2013-12-09 16:18:14.000000000 +0000
+++ ruby-liquid-2.6.1/lib/liquid/tags/if.rb 2014-01-27 22:38:45.000000000 +0000
@@ -15,6 +15,7 @@
 SyntaxHelp = "Syntax Error in tag 'if' - Valid syntax: if [expression]"
 Syntax = /(#{QuotedFragment})\s*([=!<>a-z_]+)?\s*(#{QuotedFragment})?/o
 ExpressionsAndOperators = /(?:\b(?:\s?and\s?|\s?or\s?)\b|(?:\s*(?!\b(?:\s?and\s?|\s?or\s?)\b)(?:#{QuotedFragment}|\S+)\s*)+)/o
+ BOOLEAN_OPERATORS = %w(and or)
 def initialize(tag_name, markup, tokens)
 @blocks = []
@@ -61,7 +62,8 @@
 raise(SyntaxError, SyntaxHelp) unless expressions.shift.to_s =~ Syntax
 new_condition = Condition.new($1, $2, $3)
- new_condition.send(operator.to_sym, condition)
+ raise SyntaxError, "invalid boolean operator" unless BOOLEAN_OPERATORS.include?(operator)
+ new_condition.send(operator, condition)
 condition = new_condition
 end
@@ -71,8 +73,6 @@
 @blocks.push(block)
 @nodelist = block.attach(Array.new)
 end
-
-
 end
 Template.register_tag('if', If)
diff -Nru ruby-liquid-2.6.0/lib/liquid/version.rb ruby-liquid-2.6.1/lib/liquid/version.rb
--- ruby-liquid-2.6.0/lib/liquid/version.rb 2013-12-09 16:18:14.000000000 +0000
+++ ruby-liquid-2.6.1/lib/liquid/version.rb 2014-01-27 22:38:45.000000000 +0000
@@ -1,4 +1,4 @@
 # encoding: utf-8
 module Liquid
- VERSION = "2.6.0"
+ VERSION = "2.6.1"
 end
diff -Nru ruby-liquid-2.6.0/metadata.yml ruby-liquid-2.6.1/metadata.yml
--- ruby-liquid-2.6.0/metadata.yml 2013-12-09 16:18:14.000000000 +0000
+++ ruby-liquid-2.6.1/metadata.yml 2014-01-27 22:38:45.000000000 +0000
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: liquid
 version: !ruby/object:Gem::Version
- version: 2.6.0
+ version: 2.6.1
 platform: ruby
 authors:
 - Tobias Luetke
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-11-25 00:00:00.000000000 Z
+date: 2014-01-10 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
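Review bot: `BOOLEAN_OPERATORS` on the added line is the allow-list that gates the `send` call further down this file, so it should not be a mutable array; `BOOLEAN_OPERATORS = %w(and or).freeze` stops an accidental `<<` or `concat` elsewhere from widening the set of methods that template input can reach. A comment stating that purpose next to the constant, e.g. `# Only these names may be passed to send when chaining conditions; anything else is a SyntaxError`, would also keep a future maintainer from adding comparison operators here by mistake. The enclosing class starts and ends outside the hunk.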
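Review bot: The whitelist check on the first added line only admits `operator` when it is exactly `"and"` or `"or"`, but `ExpressionsAndOperators` captures the operator with optional surrounding whitespace (`\s?and\s?`), so the check relies on `operator` being stripped where it is assigned above this hunk; if that `strip` is missing, every legitimate `and`/`or` chain now raises, so confirm it is there. The new message also drops the `SyntaxHelp` text the sibling `raise` two lines up reports; `raise(SyntaxError, "invalid boolean operator - #{SyntaxHelp}")` keeps the two consistent. Separately, History.md credits this release with #274 (arbitrary method invocation on condition objects), yet no hunk in this diff touches `lib/liquid/condition.rb`, and `Syntax` still hands any `[=!<>a-z_]+` token to `Condition.new` as `$2`; verify that `Condition#evaluate` in 2.6.0 already resolves that operator through a lookup table rather than `send`, otherwise the cherry-pick is incomplete. The enclosing method starts and ends outside the hunk.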
@@ -97,17 +97,17 @@
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
- - - ! '>='
+ - - '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
- - - ! '>='
+ - - '>='
 - !ruby/object:Gem::Version
 version: 1.3.7
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.10
+rubygems_version: 2.0.3
 signing_key:
 specification_version: 4
 summary: A secure, non-evaling end user template engine with aesthetic markup.
@@ -143,4 +143,3 @@
 - test/liquid/template_test.rb
 - test/liquid/variable_test.rb
 - test/test_helper.rb
-has_rdoc:
diff -Nru ruby-liquid-2.6.0/test/liquid/tags/if_else_tag_test.rb ruby-liquid-2.6.1/test/liquid/tags/if_else_tag_test.rb
--- ruby-liquid-2.6.0/test/liquid/tags/if_else_tag_test.rb 2013-12-09 16:18:14.000000000 +0000
+++ ruby-liquid-2.6.1/test/liquid/tags/if_else_tag_test.rb 2014-01-27 22:38:45.000000000 +0000
@@ -157,4 +157,10 @@
 assert_template_result('yes', %({% if 'gnomeslab-and-or-liquid' contains 'gnomeslab-and-or-liquid' %}yes{% endif %}))
 end
+
+ def test_operators_are_whitelisted
+ assert_raise(SyntaxError) do
+ assert_template_result('', %({% if 1 or throw or or 1 %}yes{% endif %}))
+ end
+ end
 end # IfElseTest
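Review bot: The new test only shows that `{% if 1 or throw or or 1 %}` raises some `SyntaxError`, which the pre-existing `raise(SyntaxError, SyntaxHelp)` path could produce just as well for a malformed expression, so it does not pin the new whitelist; capturing the exception and matching its message does, e.g. `err = assert_raise(SyntaxError) { Template.parse(%({% if 1 or throw or or 1 %}yes{% endif %})) }` followed by `assert_match(/invalid boolean operator/, err.message)`. Calling `Template.parse` directly also removes the misleading expected-output argument `''` on a call that is supposed never to return, assuming the check fires at parse time; if it is deferred to render, keep `assert_template_result` but still match the message. A positive assertion that `{% if true and true %}yes{% endif %}` still renders `yes` would guard against the whitelist rejecting legitimate operators, since a stray space in `operator` would now fail the same `include?` check. The test class starts outside the hunk.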