web commit by http://ptecza.myopenid.com/: * Problem with uploading attachments

[git.ikiwiki.info.git] / doc / news / version_2.48.mdwn

diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn
index a0c52f4e8120708c546c2d791dbd42a5ef4a296a..76dbd7ddc340b20f590cae9df6fe9a60cdfd6e89 100644 (file)
--- a/doc/news/version_2.48.mdwn
+++ b/doc/news/version_2.48.mdwn
@@ -13,6 +13,7 @@ ikiwiki 2.48 released with [[toggle text="these changes"]]
    * Fix security hole that occurred if openid and passwordauth were both
      enabled. passwordauth would allow logging in as a known openid, with an
      empty password. Closes: #[483770](http://bugs.debian.org/483770)
    * Fix security hole that occurred if openid and passwordauth were both
      enabled. passwordauth would allow logging in as a known openid, with an
      empty password. Closes: #[483770](http://bugs.debian.org/483770)

+     (CVE-2008-0169)

    * Add rel=nofollow to edit links. This may prevent some spiders from
      pounding on the cgi following edit links.
    * passwordauth: If Authen::Passphrase is installed, use it to store
    * Add rel=nofollow to edit links. This may prevent some spiders from
      pounding on the cgi following edit links.
    * passwordauth: If Authen::Passphrase is installed, use it to store