Merge branch 'master' into debian-jessie-backports

[git.ikiwiki.info.git] / doc / news / version_3.20150329.mdwn

diff --git a/doc/news/version_3.20150329.mdwn b/doc/news/version_3.20150329.mdwn
index 787efd9654f40aac7bb8bb3cf7a059b4d45335ab..7e0d3e0bc768da3ddc138eff419b70d782e3bf8e 100644 (file)
--- a/doc/news/version_3.20150329.mdwn
+++ b/doc/news/version_3.20150329.mdwn
@@ -1,9 +1,13 @@
-ikiwiki 3.20150329 released with [[!toggle text="these changes"]]
+ikiwiki 3.20150329 released with [[!toggle text="these changes"]]. This is a
+security update fixing a cross-site scripting vulnerability.
+
 [[!toggleable text="""
   [ [[Joey Hess|joey]] ]
+
   * Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli)
 
   [ [[Simon McVittie|smcv]] ]
+
   * Really don't double-decode CGI submissions, even on Perl versions that
     bundle an old enough Encode.pm for that not to be a problem: the
     system might have a newer Encode.pm installed separately, like Fedora 20.
@@ -15,9 +19,16 @@ ikiwiki 3.20150329 released with [[!toggle text="these changes"]]
   * Consistently document command-line options as e.g. --refresh, not -refresh
 
   [ [[Amitai Schlair|schmonz]] ]
+
   * In VCS-committed anonymous comments, link to url.
 
   [ [[Joey Hess|joey]] ]
+
   * Fix XSS in openid selector. Thanks, Raghav Bisht.
     (Closes: [[!debbug 781483]])
 """]]
+
+In addition, version 3.20141016.2 was released on the same day to backport
+the cross-site-scripting fix to Debian 8.
+
+[[!meta date="2015-03-29 22:46:39 +0100"]]