21 lines
1.0 KiB
Markdown
21 lines
1.0 KiB
Markdown
This is a security fix release, upgrade is recommended.
|
|
|
|
News for ikiwiki 2.14:
|
|
|
|
This version of ikiwiki is more picky about symlinks in the path leading
|
|
to the srcdir, and will refuse to use a srcdir specified by such a path.
|
|
This was necessary to avoid some potential exploits, but could potentially
|
|
break (semi-)working wikis. If your wiki has a srcdir path containing a
|
|
symlink, you should change it to use a path that does not.
|
|
|
|
ikiwiki 2.14 released with [[toggle text="these changes"]]
|
|
[[toggleable text="""
|
|
* Let CC be used to control what compiler is used to build wrappers.
|
|
* Use 'cc' instead of gcc as the default compiler.
|
|
* Security fix: Ensure that there are no symlinks anywhere in the path
|
|
to the top of the srcdir. In certian unusual configurations, an attacker
|
|
who could commit to one of the parent directories of the srcdir could
|
|
use a symlink attack to cause ikiwiki to publish files elsewhere in the
|
|
filesystem. More details [[here|security#index29h2]]
|
|
"""]]
|