+ikiwiki (2.49) UNRELEASED; urgency=low
+
+ * haiku: Generate valid xhtml.
+ * ikiwiki-mass-rebuild: Don't trust $! when setting $)
+ * inline: The optimisation in 2.41 broke nested inlines. Detect those
+ and avoid overoptimising.
+ * search: Converted to use xapian-omega.
+ * Filter hooks are no longer called during the scan phase. This will
+ prevent wikilinks added by filters from being scanned properly. But
+ no known filter hook does that, and calling filters unncessarily during
+ scan slowed down complex filters such as the one used to update the xapian
+ index.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 30 May 2008 19:08:54 -0400
+
+ikiwiki (2.48) unstable; urgency=high
+
+ * Fix security hole that occurred if openid and passwordauth were both
+ enabled. passwordauth would allow logging in as a known openid, with an
+ empty password. Closes: #483770 (CVE-2008-0169)
+ * Add rel=nofollow to edit links. This may prevent some spiders from
+ pounding on the cgi following edit links.
+ * passwordauth: If Authen::Passphrase is installed, use it to store
+ password hashes, crypted with Eksblowfish.
+ * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+ hash existing plaintext passwords.
+ * Passwords will no longer be mailed, but instead a password reset link.
+ * The password_cost config setting is provided as a "more security" knob.
+ * teximg: Fix logurl.
+ * teximg: If the log isn't written, avoid ugly error messages.
+ * Updated French translation. Closes: #478530
+
+ -- Joey Hess <joeyh@debian.org> Fri, 30 May 2008 17:36:07 -0400
+
+ikiwiki (2.47) unstable; urgency=low
+
+ * mdwn: Add a multimarkdown setup file option.
+ * If PERL5LIB is set to the libdir when building ikiwiki, calculate and
+ hardcode a proper 'use lib' statement anyway. This fixes a gotcha,
+ since PERL5LIB won't work once ikiwiki is running via a wrapper or as
+ a cgi.
+ * orphans: As a special case, the toplevel index page is never considered
+ an orphaned page.
+ * inline: Display a message if the 'pages' parameter is missing, before
+ it just expanded to nothing.
+ * git: Skip over signed-off-by and similar lines in commit messages
+ when generating recentchanges.
+ * ENV can be used in the setup file to override environment variable
+ settings, such as TZ or PATH.
+ * Perls older than 5.10 need to use the old method of decoding utf-8 in CGI
+ values. Neither method will work for all versions of perl, so check
+ version number at runtime.
+ * Avoid unsightly warning message when evaling broken pagespecs.
+ * Improve error message when a pagespec fails to parse.
+
+ -- Joey Hess <joeyh@debian.org> Sun, 25 May 2008 14:25:42 -0400
+
+ikiwiki (2.46) unstable; urgency=low
+
+ * amazon_s3: New plugin, which injects wiki pages into Amazon S3, allowing
+ ikiwiki to be used without a dedicated web server.
+ * aggregate: Add support for web-based triggering of aggregation
+ for people stuck on shared hosting without cron. (Sheesh.) Enabled
+ via the `aggregate_webtrigger` configuration optiom.
+ * Add pinger and pingee plugins, which allow setting up mirrors and branched
+ wikis that automatically ping one another to stay up to date.
+ * Optimised file statting code when scanning for modified pages;
+ cut the number of system calls in half. (Still room for improvement.)
+ * Fixes for behavior changes in perl 5.10's CGI that broke utf-8 support
+ in several interesting ways.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 12 May 2008 20:51:50 -0400
+
+ikiwiki (2.45) unstable; urgency=low
+
+ * toc: Add the table of contents at sanitize time, rather than at format
+ time. This allows the toc to be displayed when previewing an edit. It also
+ avoids headers in the page template from showing up in the toc.
+ * Add PREFIX/bin to the hardcoded PATH within ikiwiki.
+ * Deal with different paths to perl when removing -T flag.
+ * Add missing de.po. Closes: #471540
+ * img: Support a title attribute, will be passed through to html.
+ Closes: #478718
+ * anonk: Add anonok_pagespec configuration setting that can be used to
+ allow anonymous users to edit only matching pages. Closes: #478892
+ * Fix ugly display when editing a page that has vanished.
+ * srcfile now has an optional second parameter to avoid it throwing an error
+ if the source file does not exist.
+ * git: Put -- before the filename when calling git rev-list to avoid
+ warning message when the file doesn't exist.
+ * Add a Bundle::IkiWiki and Bundle::IkiWiki::Extras to the source for use
+ with CPAN to install perl modules.
+ * Add a cpan directory containing a CPAN::MyConfig that can ease use of
+ CPAN to install in a home directory on shared hosting providers.
+ * With these changes, it's pretty easy to install onto nearlyfreespeech.net
+ and probably other shared hosting providers like dreamhost. Added
+ a page documenting the process for nearlyfreespeech.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 05 May 2008 15:06:05 -0400
+
+ikiwiki (2.44) unstable; urgency=medium
+
+ * Bring back the svnrepo setup file option. This is needed for
+ recentchangediff to work with svn repos.
+ * Allow libtext-markdown-perl to satisfy dependencies, as a
+ an alternative to the markdown package.
+ * Correct a bug in pagespec matching, where a empty pagespec matched all
+ pages. This manifested as wikis with no locked pages treating them all as
+ locked. The bug was introduced in version 2.41.
+ * Medium urgency upload due to above fix.
+
+ -- Joey Hess <joeyh@debian.org> Thu, 17 Apr 2008 14:33:54 -0400
+
+ikiwiki (2.43) unstable; urgency=low
+
+ * Fix missing import of escapeHTML in userlink. (Scott Bronson)
+ * Fix broken rcs_update for bzr. (Scott Bronson)
+ * Use bzr --quiet to avoid it outputting stuff and messing up http headers.
+ (Scott Bronson)
+ * Give the full path to the hyperestraier helpfile in estseek.conf.
+ * Recommend a recent git-core for git init. Closes: 475609
+
+ -- Joey Hess <joeyh@debian.org> Wed, 16 Apr 2008 18:35:13 -0400
+
+ikiwiki (2.42) unstable; urgency=high
+
+ * aggregate: Correct a mistake in the code that dummy up a guid for feeds
+ lacking one.
+ * inline: Correct handling of urls relative to baseurl in feeds.
+ * Fix CSRF attacks against the preferences and edit forms. The fix involved
+ embedding the session id in the forms, and not allowing the forms to be
+ submitted if the embedded id does not match the session id. Closes: #475445
+ (CVE-2008-0165)
+
+ -- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400
+
+ikiwiki (2.41) unstable; urgency=low