]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - doc/news/version_3.20170111.mdwn
projects / git.ikiwiki.info.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
improve reply wording with a crosslink
[git.ikiwiki.info.git] / doc / news / version_3.20170111.mdwn
1 ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
2 [[!toggleable text="""
3    * passwordauth: prevent authentication bypass via multiple name
4      parameters (CVE-2017-0356, OVE-20170111-0001)
5    * passwordauth: avoid userinfo forgery via repeated email parameter
6      (also in the scope of CVE-2017-0356)
7    * CGI, attachment, passwordauth: harden against repeated parameters
8      (not believed to have been a vulnerability)
9    * remove: make it clearer that repeated page parameter is OK here
10    * t/passwordauth.t: new automated test for passwordauth"""]]
Unnamed repository; edit this file 'description' to name the repository.