-ikiwiki (3.20101024) UNRELEASED; urgency=low
+ikiwiki (3.20110122) unstable; urgency=medium
+
+ * inline: Pass feed titles to templates and add title and rel attributes
+ to feed links. (Giuseppe Bilotta)
+ * inline: Use class rather than id for feedlinks and blogform.
+ (Giuseppe Bilotta)
+ * comments: Fix XSS security hole due to missing validation of page name.
+ CVE-2011-0428 (Thanks, Dave B.)
+ * rename: Fix crash when renaming a page that is linked to by a page
+ in an underlay.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 22 Jan 2011 10:22:25 -0400
+
+ikiwiki (3.20110105) unstable; urgency=low
+
+ * tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta)
+ * tag: Improve display of tags with a slash in their names.
+ (Giuseppe Bilotta)
+ * Fix redirect to use a full url. Was broken (in theory) by baseurl
+ changes in last release.
+ * Fix `<base>` output by cgi to have a full url again, broken by last
+ release.
+ * Fix permalinks to recentchanges items and comments, broken by last
+ release.
+ * Export three cgi env vars needed for CGI->url to work. Fixed
+ openid breakage from last release.
+ * Removed `IkiWiki::misctemplate()` function. Any plugins using
+ it should use `IkiWiki::cgitemplate()` instead.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 05 Jan 2011 17:33:05 -0400
+
+ikiwiki (3.20101231) unstable; urgency=low
+
+ * Better support for serving the same site on multiple urls. (Such as
+ a http and a https url, or a ipv4 and an ipv6 url.)
+ (Thanks, smcv)
+ * API: urlto without a defined second parameter now generates an url
+ that starts with "/" (when possible; eg when the site's url and cgiurl
+ are on the same domain).
+ * Now when users log in via https, ikiwiki sends a secure cookie, that can
+ only be used over https. If the user switches to using http, they will
+ need to re-login. (smcv)
+ * inline: Display feed buttons for nested inlines, linking to the inlined
+ page's feed. (Giuseppe Bilotta)
+ * goldtype: New theme, based on blueview, contributed by Lars Wirzenius.
+ * po: do not override homepage title when it was overridden. (intrigeri)
+ * Set HTML::Template's parent_global_vars option to allow using parameters
+ like title_overridden that do not appear on the template. (intrigeri)
+ (See https://rt.cpan.org/Public/Bug/Display.html?id=64158)
+ * inline: Force an absolute page location when the inline postform is used.
+ * editpage, comment: Clean up title when editing or creating a page or
+ comment.
+ * teximg: Use `\[` and `\]` instead of not recommended `$$`. (Paul Menzel)
+ Closes: #596084
+ * monotone: Improve version parsing to support patch and development
+ versions of the monotone binary. (tommyd3mdi)
+ * highlight: Support highlight 3.2+svn19 (note that released version 3.2
+ is not supported). Closes: #605779 (David Bremner)
+ * Add a second parameter to the rcs_diff hook, and avoid bloating memory
+ reading in enormous commits.
+ * git: Fix bug involving attempting to web revert a commit that included
+ changes to attachments.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 31 Dec 2010 21:23:37 -0400
+
+ikiwiki (3.20101201) unstable; urgency=low
+
+ * meta: Fix calling of htmlscrubber to pass the page parameter.
+ The change of the htmlscrubber to look at page rather than destpage
+ caused htmlscrubber_skip to not work for meta directives.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 01 Dec 2010 20:28:01 -0400
+
+ikiwiki (3.20101129) unstable; urgency=low
+
+ * websetup: Fix encoding problem when restoring old setup file.
+ * more: Add pages parameter to limit where the more is displayed.
+ (thanks, dark)
+ * Fix escaping of filenames in historyurl. (Thanks, aj)
+ * inline: Improve RSS url munging to use a proper html parser,
+ and support all elements that HTML::Tagset knows about.
+ (Which doesn't include html5 just yet, but then the old version
+ didn't either.) Bonus: 4 times faster than old regexp method.
+ * Optimise glob() pagespec. (Thanks, Kathryn and smcv)
+ * highlight: Support new format of filetypes.conf used by version 3.2
+ of the highlight package.
+ * edittemplate: Fix crash if using a .tmpl file or other non-page file
+ as a template for a new page.
+ * git: Fix temp file location.
+ * rename: Fix to pass named parameters to rcs_commit.
+ * git: Avoid adding files when committing, so as not to implicitly add
+ files like recentchanges files that are not normally checked in,
+ when fixing links after rename.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 29 Nov 2010 13:59:10 -0400
+
+ikiwiki (3.20101112) unstable; urgency=HIGH
* txt: Fix display when used inside a format directive.
* highlight: Ensure that other, more-specific format plugins,
(Thanks, Craig Lennox and Tuomas Jormola)
* git: Use author date, not committer date. Closes: #602012
(Thanks, Tuomas Jormola)
-
- -- Joey Hess <joeyh@debian.org> Mon, 25 Oct 2010 22:30:29 -0400
+ * Fix htmlscrubber_skip to be matched on the source page, not the page it is
+ inlined into. Should allow setting to "* and !comment(*)" to scrub
+ comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
+ * comments: Make postcomment() pagespec work when previewing a comment,
+ including during moderation. CVE-2010-1673
+ * comments: Make comment() pagespec also match comments that are being
+ posted. CVE-2010-1673
+
+ -- Joey Hess <joeyh@debian.org> Fri, 12 Nov 2010 00:36:06 -0400
ikiwiki (3.20101023) unstable; urgency=low