X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/1ea7fa90c2d6cfdc6c6d045cb0b15bd44fa9513a..72c3b81efb1079f8db070ac89e97e9b7bcedd61b:/doc/news/version_3.20150329.mdwn diff --git a/doc/news/version_3.20150329.mdwn b/doc/news/version_3.20150329.mdwn index 787efd965..7e0d3e0bc 100644 --- a/doc/news/version_3.20150329.mdwn +++ b/doc/news/version_3.20150329.mdwn @@ -1,9 +1,13 @@ -ikiwiki 3.20150329 released with [[!toggle text="these changes"]] +ikiwiki 3.20150329 released with [[!toggle text="these changes"]]. This is a +security update fixing a cross-site scripting vulnerability. + [[!toggleable text=""" [ [[Joey Hess|joey]] ] + * Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli) [ [[Simon McVittie|smcv]] ] + * Really don't double-decode CGI submissions, even on Perl versions that bundle an old enough Encode.pm for that not to be a problem: the system might have a newer Encode.pm installed separately, like Fedora 20. @@ -15,9 +19,16 @@ ikiwiki 3.20150329 released with [[!toggle text="these changes"]] * Consistently document command-line options as e.g. --refresh, not -refresh [ [[Amitai Schlair|schmonz]] ] + * In VCS-committed anonymous comments, link to url. [ [[Joey Hess|joey]] ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: [[!debbug 781483]]) """]] + +In addition, version 3.20141016.2 was released on the same day to backport +the cross-site-scripting fix to Debian 8. + +[[!meta date="2015-03-29 22:46:39 +0100"]]
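Review bot: In the first hunk (@@ -1,9 +1,13 @@), the added summary sentence "This is a security update fixing a cross-site scripting vulnerability." does not name the affected component, so a reader has to expand the toggle to learn that it is the openid selector. Consider naming it in the summary, for example "fixing a cross-site scripting vulnerability in the openid selector", so that administrators can tell at a glance what is affected.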
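Review bot: In the second hunk (@@ -15,9 +19,16 @@), the added paragraph about version 3.20141016.2 says the fix was backported to Debian 8 but gives no pointer to that release and does not say which versions are affected. Consider linking to the backport's own news entry or changelog, and stating the affected range if it is known. The term is also written three ways across the notice ("cross-site scripting vulnerability" in the summary, "cross-site-scripting fix" here, "XSS" in the changelog item); using one form would make the notice easier to search.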