]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/news/version_3.20170111.mdwn
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into debian-jessie-backports
[git.ikiwiki.info.git] / doc / news / version_3.20170111.mdwn
diff --git a/doc/news/version_3.20170111.mdwn b/doc/news/version_3.20170111.mdwn
new file mode 100644 (file)
index 0000000..03b2ac2
--- /dev/null
+++ b/doc/news/version_3.20170111.mdwn
@@ -0,0 +1,10 @@
+ikiwiki 3.20170111 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * passwordauth: prevent authentication bypass via multiple name
+     parameters (CVE-2017-0356, OVE-20170111-0001)
+   * passwordauth: avoid userinfo forgery via repeated email parameter
+     (also in the scope of CVE-2017-0356)
+   * CGI, attachment, passwordauth: harden against repeated parameters
+     (not believed to have been a vulnerability)
+   * remove: make it clearer that repeated page parameter is OK here
+   * t/passwordauth.t: new automated test for passwordauth"""]]
\ No newline at end of file
Unnamed repository; edit this file 'description' to name the repository.