update for rename of recentchanges.mdwn to json.tl.ph.mdwn

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 378a2e4bc892e113a16bf7133d998cb7acbc4c7a..29cbab6be136fcf5dd53c62e38dffe632ea29797 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -22,7 +22,7 @@ _(The list of things to fix.)_
 ## commit spoofing
 
 Anyone with direct commit access can forge "web commit from foo" and
-make it appear on [[RecentChanges]] like foo committed. One way to avoid
+make it appear on [[Json.tl.ph]] like foo committed. One way to avoid
 this would be to limit web commits to those done by a certain user.
 
 ## other stuff to look at
@@ -612,7 +612,7 @@ in version 3.20141016.4.
 
 ([[!debcve CVE-2017-0356]]/OVE-20170111-0001)
 
-## Server-side request forgery via aggregate plugin
+## <span id="cve-2019-9187">Server-side request forgery via aggregate plugin</span>
 
 The ikiwiki maintainers discovered that the [[plugins/aggregate]] plugin
 did not use [[!cpan LWPx::ParanoidAgent]]. On sites where the