diff --git a/source/texk/web2c/luatexdir/ChangeLog b/source/texk/web2c/luatexdir/ChangeLog
index 75d657fc6b4d723b846a1d4ac5529132cf7d0078..af86c6b55464fc815dcf87b71fd8a6dd4e3f9d64 100644
--- a/source/texk/web2c/luatexdir/ChangeLog
+++ b/source/texk/web2c/luatexdir/ChangeLog
@@ -1,3 +1,7 @@
+2025-02-05 Luigi Scarso <luigi.scarso@gmail.com>
+	* fixed shell-escape bypass (thanks to tex@maxchernoff.ca)
+
+	
 2025-02-05 Luigi Scarso <luigi.scarso@gmail.com>
 	* add mathemptydisplaymode primitive, 
 	* fix nodes leak in end_graf (thanks to udifoglle@gmail.com)
diff --git a/source/texk/web2c/luatexdir/lua/luainit.c b/source/texk/web2c/luatexdir/lua/luainit.c
index dad4ef7167fe1b876ee7b60eb5fa65a7d975b224..a05a0e54c81dd9cd90c3854f74e6ad1477d59570 100644
--- a/source/texk/web2c/luatexdir/lua/luainit.c
+++ b/source/texk/web2c/luatexdir/lua/luainit.c
@@ -733,6 +733,11 @@ static int luatex_kpse_clua_find(lua_State * L)
 {
     const char *filename;
     const char *name;
+    if (!clua_loader_function) {
+        /*tex library not found in this path */
+        lua_pushliteral(L, "\n\t[C searcher requires unrestricted shell escape]");
+        return 1;
+    }
     if (safer_option) {
         /*tex library not found in this path */
         lua_pushliteral(L, "\n\t[C searcher disabled in safer mode]");
@@ -1240,6 +1245,9 @@ void lua_initialize(int ac, char **av)
     /* the lua debug library is enabled if shell escape permits everything */
     if (shellenabledp && restrictedshell != 1) {
       luadebug_option = 1 ;      
+    } else {
+        luaL_unref(Luas, LUA_REGISTRYINDEX, clua_loader_function);
+        clua_loader_function = 0;
     }
     /*tex Here we load luatex-core.lua which takes care of some protection on demand. */
     if (load_luatex_core_lua(Luas)) {
diff --git a/source/texk/web2c/luatexdir/luatex_svnversion.h b/source/texk/web2c/luatexdir/luatex_svnversion.h
index e776749f3edafd344a4389b57f1445c78894a7d0..78c8cec735ba53ea534a6cfdb1ec77d4074babb4 100644
--- a/source/texk/web2c/luatexdir/luatex_svnversion.h
+++ b/source/texk/web2c/luatexdir/luatex_svnversion.h
@@ -1,4 +1,4 @@
 #ifndef luatex_svn_revision_h
 #define luatex_svn_revision_h
-#define luatex_svn_revision 7659
+#define luatex_svn_revision 7660
 #endif