ikiwiki/doc/news/version_3.20150329.mdwn

35 lines
1.2 KiB
Plaintext
Raw Normal View History

2015-03-30 12:53:00 +02:00
ikiwiki 3.20150329 released with [[!toggle text="these changes"]]. This is a
security update fixing a cross-site scripting vulnerability.
2015-03-29 23:46:39 +02:00
[[!toggleable text="""
[ [[Joey Hess|joey]] ]
2015-03-30 12:51:34 +02:00
2015-03-29 23:46:39 +02:00
* Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli)
[ [[Simon McVittie|smcv]] ]
2015-03-30 12:51:34 +02:00
2015-03-29 23:46:39 +02:00
* Really don't double-decode CGI submissions, even on Perl versions that
bundle an old enough Encode.pm for that not to be a problem: the
system might have a newer Encode.pm installed separately, like Fedora 20.
(Closes: [[!debbug 776181]]; thanks, Anders Kaseorg)
* If neither timezone nor TZ is set, set both to :/etc/localtime if
we're on a GNU system and that file exists, or GMT otherwise
* t/inline.t: accept translations of "Add a new post titled:"
(Closes: [[!debbug 779365]])
* Consistently document command-line options as e.g. --refresh, not -refresh
[ [[Amitai Schlair|schmonz]] ]
2015-03-30 12:51:34 +02:00
2015-03-29 23:46:39 +02:00
* In VCS-committed anonymous comments, link to url.
[ [[Joey Hess|joey]] ]
2015-03-30 12:51:34 +02:00
2015-03-29 23:46:39 +02:00
* Fix XSS in openid selector. Thanks, Raghav Bisht.
(Closes: [[!debbug 781483]])
"""]]
2015-03-30 12:53:00 +02:00
In addition, version 3.20141016.2 was released on the same day to backport
the cross-site-scripting fix to Debian 8.
[[!meta date="2015-03-29 22:46:39 +0100"]]