- There is a significant change to the page.tmpl template in this version.
- If you have locally modified versions of that template, you will need
- to update it to contain the following in the HTML <head>:
+ To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities,
+ the [[!img]] directive is now restricted to these common web formats by
+ default:
+
+ * JPEG (.jpg, .jpeg)
+ * PNG (.png)
+ * GIF (.gif)
+ * SVG (.svg)
+
+ (In particular, by default resizing PDF files is no longer allowed.)
+
+ Additionally, resized SVG files are displayed in the browser as SVG
+ instead of being converted to PNG.
+
+ If all users who can attach images are fully trusted, this restriction
+ can be removed with the new img_allowed_formats setup option.
+ See <https://ikiwiki.info/ikiwiki/directive/img/> for more details.
+
+ -- Simon McVittie <smcv@debian.org> Sun, 08 May 2016 16:30:55 +0100
+
+ikiwiki (3.20110122) unstable; urgency=low
+
+ If you have custom CSS that uses "#feedlinks" or "#blogform", you will
+ need to change it to instead use ".feedlinks" and ".blogform"
+
+ -- Joey Hess <joeyh@debian.org> Fri, 14 Jan 2011 14:34:54 -0400
+
+ikiwiki (3.20100515) unstable; urgency=low
+
+ There are two significant changes to the page.tmpl template in this version.
+ If you have a locally modified version of that template, you will need to
+ update it at least to contain the following in the HTML <head>: