-ikiwiki (1.32) UNRELEASED; urgency=low
+ikiwiki (1.33.4) stable-security; urgency=high
+
+ * htmlscrubber security fix: Block javascript in uris. Closes: #465110
+ * Add htmlscrubber test suite.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:34:28 -0500
+
+ikiwiki (1.33.3) testing-proposed-updates; urgency=medium
+
+ * Fix a security hole that allowed insertion of unsafe content via the meta
+ plugins's support for inserting html link and meta tags. Now such content
+ is passed through the htmlscrubber like everything else.
+ * Unfortunatly, that means that some valid uses of those tags are no longer
+ usable, and special case methods needed to be added for including
+ stylesheets, and for doing openid delegation. If you use either of these
+ in your wiki, it will need to be modified. See the meta plugin docs
+ for details.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:56:48 -0400
+
+ikiwiki (1.33.2) testing-proposed-updates; urgency=medium
+
+ * Backport fix for a security hole that allowed a web user to insert
+ arbitrary html in the title of a page due to missing escaping of
+ titles in the meta plugin.
+ * Fix examples directory location.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:55:02 -0400
+
+ikiwiki (1.33.1) testing-proposed-updates; urgency=medium
+
+ * Backport fix for a security hole that allowed a web user to edit images
+ and other non-page format files in the wiki. To exploit this, the file
+ already had to exist in the wiki, and the web user would need to somehow
+ use the web based editor to replace it with malicious content.
+
+ -- Joey Hess <joeyh@debian.org> Sat, 10 Feb 2007 15:30:12 -0500
+
+ikiwiki (1.33) unstable; urgency=low
+
+ * Fix issue with aggregate plugin updating expired pages.
+ * Avoid syntax errors in templates used by the template plugin crashing
+ ikiwiki.
+ * Enable utf8 file IO in aggregate plugin.
+ * Fix some issues with the new registration form.
+ * Patch from Ethan Glasser Camp to add a skip option to the inline plugin.
+ * Make sure to check for errors from every eval.
+ * Fix img plugin's handling of adding dependencies for images that do not
+ yet exist.
+ * Work around a strange bug in CGI::FormBuilder 3.0401 that makes
+ FORM-SUBMIT unusable on customised formbuilder templates. For now,
+ hardcode the submit buttons in editpage.tmpl instead of using the
+ template variable, which is ok, since the buttons are static.
+ * Work with hyperestraier 1.4.9.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 15 Nov 2006 18:32:26 -0500
+
+ikiwiki (1.32) unstable; urgency=low
* Add a separate pass to find page links, and only render each page once,
instead of over and over. Typical speedup is ~4x. Max possible speedup:
them together.
* Install the source of the examples into /usr/share/doc/ikiwiki/examples.
* Add perlmagick to build-depends so syntax check of img plugin works.
-
- -- Joey Hess <joeyh@debian.org> Mon, 30 Oct 2006 14:30:54 -0500
+ Closes: #396702
+ * Improve login/register process, the login dialog has only name and
+ password fields, which allows more web browsers to regognise it as a login
+ field, and is less confusing.
+ * Implemented expiry options for aggregate plugin.
+ * Use precalculated backlinks info when determining if files need an update
+ due to a page they link to being added/removed. Mostly significant if
+ there are lots of pages.
+ * Remove duplicate link info when saving index. In some cases it could
+ pile up rather badly. (Probably not the best way to deal with this
+ problem.)
+ * Patch from James Westby to support podcasting, photoblogging, vidcasting,
+ or what have you, by creating enclosures for non-page items that are
+ included in feeds.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 3 Nov 2006 14:46:37 -0500
ikiwiki (1.31) unstable; urgency=low