10 lines
572 B
Plaintext
10 lines
572 B
Plaintext
|
ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
|
||
|
[[!toggleable text="""
|
||
|
* passwordauth: prevent authentication bypass via multiple name
|
||
|
parameters (CVE-2017-0356, OVE-20170111-0001)
|
||
|
* passwordauth: avoid userinfo forgery via repeated email parameter
|
||
|
(also in the scope of CVE-2017-0356)
|
||
|
* CGI, attachment, passwordauth: harden against repeated parameters
|
||
|
(not believed to have been a vulnerability)
|
||
|
* remove: make it clearer that repeated page parameter is OK here
|
||
|
* t/passwordauth.t: new automated test for passwordauth"""]]
|