From dfadaa0bf91666859ef3760520b108aac730cee2 Mon Sep 17 00:00:00 2001 From: smcv Date: Fri, 6 May 2016 15:14:09 -0400 Subject: [PATCH] escape directive properly; add paragraph breaks --- doc/news/version_3.20160506.mdwn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn index 650588c6e..331a48b6b 100644 --- a/doc/news/version_3.20160506.mdwn +++ b/doc/news/version_3.20160506.mdwn @@ -1,15 +1,19 @@ News for ikiwiki 3.20160506: To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities, - the `[[!img]]` directive is now restricted to these common web formats by + the `\[[!img]]` directive is now restricted to these common web formats by default: + * JPEG (`.jpg`, `.jpeg`) * PNG (`.png`) * GIF (`.gif`) * SVG (`.svg`) + (In particular, by default resizing PDF files is no longer allowed.) + Additionally, resized SVG files are displayed in the browser as SVG instead of being converted to PNG. + If all users who can attach images are fully trusted, this restriction can be removed with the new img\_allowed\_formats setup option. See [[ikiwiki/directive/img]] for more details.