X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/19945b53581a693ee4c4b32671313dea59c83f53..e943812dc9802d134f2d9627a6c4fc94fe9c26f9:/debian/changelog?ds=inline

diff --git a/debian/changelog b/debian/changelog
index d80ede67d..cdd8f8221 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,26 @@
-ikiwiki (2.47) UNRELEASED; urgency=low
+ikiwiki (2.48) UNRELEASED; urgency=high
+
+  * Fix security hole that occurred if openid and passwordauth were both
+    enabled. passwordauth would allow logging in as a known openid, with an
+    empty password.
+  * Add rel=nofollow to edit links. This may prevent some spiders from
+    pounding on the cgi following edit links.
+  * When calling decode_utf8 on known-problimatic content in aggregate,
+    explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl
+    5.8 needs this to avoid crashing on malformed utf-8, despite its docs
+    saying it is the default.
+  * passwordauth: If Authen::Passphrase is installed, use it to store
+    password hashes, crypted with Eksblowfish.
+  * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+    hash existing plaintext passwords.
+  * Passwords will no longer be mailed, but instead a password reset link.
+  * The password_cost config setting is provided as a "more security" knob.
+  * teximg: Fix logurl.
+  * teximg: If the log isn't written, avoid ugly error messages.
+
+ -- Joey Hess <joeyh@debian.org>  Wed, 28 May 2008 03:07:37 -0400
+
+ikiwiki (2.47) unstable; urgency=low
 
   * mdwn: Add a multimarkdown setup file option.
   * If PERL5LIB is set to the libdir when building ikiwiki, calculate and 
@@ -13,8 +35,13 @@ ikiwiki (2.47) UNRELEASED; urgency=low
     when generating recentchanges.
   * ENV can be used in the setup file to override environment variable
     settings, such as TZ or PATH.
+  * Perls older than 5.10 need to use the old method of decoding utf-8 in CGI
+    values. Neither method will work for all versions of perl, so check
+    version number at runtime.
+  * Avoid unsightly warning message when evaling broken pagespecs.
+  * Improve error message when a pagespec fails to parse.
 
- -- Joey Hess <joeyh@debian.org>  Tue, 13 May 2008 12:30:18 -0400
+ -- Joey Hess <joeyh@debian.org>  Sun, 25 May 2008 14:25:42 -0400
 
 ikiwiki (2.46) unstable; urgency=low