--- /dev/null
+ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * passwordauth: prevent authentication bypass via multiple name
+ parameters (CVE-2017-0356, OVE-20170111-0001)
+ * passwordauth: avoid userinfo forgery via repeated email parameter
+ (also in the scope of CVE-2017-0356)
+ * CGI, attachment, passwordauth: harden against repeated parameters
+ (not believed to have been a vulnerability)
+ * remove: make it clearer that repeated page parameter is OK here
+ * t/passwordauth.t: new automated test for passwordauth"""]]
\ No newline at end of file