urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

escape directive properly; add paragraph breaks

master
smcv 2016-05-06 15:14:09 -04:00 committed by admin
parent 455be983c0
commit dfadaa0bf9
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/news/version_3.20160506.mdwn
View File

@ -1,15 +1,19 @@
News for ikiwiki 3.20160506: News for ikiwiki 3.20160506:
To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities, To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities,
the `[[!img]]` directive is now restricted to these common web formats by the `\[[!img]]` directive is now restricted to these common web formats by
default: default:
* JPEG (`.jpg`, `.jpeg`) * JPEG (`.jpg`, `.jpeg`)
* PNG (`.png`) * PNG (`.png`)
* GIF (`.gif`) * GIF (`.gif`)
* SVG (`.svg`) * SVG (`.svg`)
(In particular, by default resizing PDF files is no longer allowed.) (In particular, by default resizing PDF files is no longer allowed.)
Additionally, resized SVG files are displayed in the browser as SVG Additionally, resized SVG files are displayed in the browser as SVG
instead of being converted to PNG. instead of being converted to PNG.
If all users who can attach images are fully trusted, this restriction If all users who can attach images are fully trusted, this restriction
can be removed with the new img\_allowed\_formats setup option. can be removed with the new img\_allowed\_formats setup option.
See [[ikiwiki/directive/img]] for more details. See [[ikiwiki/directive/img]] for more details.