-ikiwiki (3.20100723) UNRELEASED; urgency=low
+ikiwiki (3.20100815.6) testing; urgency=low
- * template: Fix dependency tracking. Broken in version 3.20100427.
+ * comments: Fix commenting, broken by security fix.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 24 Jan 2011 16:56:05 -0400
+
+ikiwiki (3.20100815.5) testing; urgency=low
+
+ * comments: Fix XSS security hole due to missing validation of page name.
+ CVE-2011-0428 (Thanks, Dave B.)
+
+ -- Joey Hess <joeyh@debian.org> Sat, 22 Jan 2011 11:02:59 -0400
+
+ikiwiki (3.20100815.4) testing; urgency=low
+
+ * meta: Fix calling of htmlscrubber to pass the page parameter.
+ The change of the htmlscrubber to look at page rather than destpage
+ caused htmlscrubber_skip to not work for meta directives.
+
+ -- Joey Hess <joeyh@debian.org> Mon, 29 Nov 2010 14:44:13 -0400
- -- Joey Hess <joeyh@debian.org> Fri, 23 Jul 2010 14:00:32 -0400
+ikiwiki (3.20100815.2) testing; urgency=low
+
+ * Bugfix-only cherry-pick release for Debian squeeze.
+ * Fix htmlscrubber_skip to be matched on the source page, not the page it is
+ inlined into. Should allow setting to "* and !comment(*)" to scrub
+ comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
+ * comments: Make postcomment() pagespec work when previewing a comment,
+ including during moderation. CVE-2010-1673
+ * comments: Make comment() pagespec also match comments that are being
+ posted. CVE-2010-1673
+ * openid: Syntax tweak to the javascript code to make it work with MSIE 7
+ (and MSIE 8 in compat mode). Thanks to Iain McLaren for reporting
+ the bug and providing access to debug it.
+ * blogspam: Fix crash when content contained utf-8.
+ * external: Disable RPC::XML's "smart" encoding, which sent ints
+ for strings that contained only a number, fixing a longstanding crash
+ of the rst plugin.
+ * websetup: Fix saving of advanced mode changes.
+ * websetup: Fix defaults of checkboxes in advanced mode.
+ * Fix test suite failure on other side of date line.
+ * Set isPermaLink="no" for guids in rss feeds.
+ * sortnaturally: Added missing registration of checkconfig hook.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 12 Nov 2010 11:09:39 -0400
+
+ikiwiki (3.20100815) unstable; urgency=medium
+
+ * Fix po test suite to not assume ikiwiki's underlay is already installed.
+ Closes: #593047
+
+ -- Joey Hess <joeyh@debian.org> Sun, 15 Aug 2010 11:42:55 -0400
+
+ikiwiki (3.20100804) unstable; urgency=low
+
+ * template: Fix dependency tracking. Broken in version 3.20100427.
+ * po: The po_slave_languages setting is now a list, so the order of
+ translated languages can be controlled. (intrigeri)
+ * git: Fix gitweb historyurl examples so "diff to current" links work.
+ (Thanks jrayhawk)
+ * meta: Allow syntax closer to html meta to be used.
+ * Add new disable hook, allowing plugins to perform cleanup after they
+ have been disabled.
+ * Use Digest::SHA built into perl rather than external Digest::SHA1
+ to simplify dependencies. Closes: #591040
+ * Fixes a bug that prevented matching deleted pages when using the page()
+ PageSpec.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 04 Aug 2010 09:20:52 -0400
ikiwiki (3.20100722) unstable; urgency=low