X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/285b9d8b99717a1feab7fbf4b3795874fc0c247e..f38ad993b4b5f293ec691e0d3182e761791ee273:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 13f7ab794..7dd7a2a29 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,61 @@ -ikiwiki (1.32) UNRELEASED; urgency=low +ikiwiki (1.33.4) stable-security; urgency=high + + * htmlscrubber security fix: Block javascript in uris. Closes: #465110 + * Add htmlscrubber test suite. + + -- Joey Hess Sun, 10 Feb 2008 13:34:28 -0500 + +ikiwiki (1.33.3) testing-proposed-updates; urgency=medium + + * Fix a security hole that allowed insertion of unsafe content via the meta + plugins's support for inserting html link and meta tags. Now such content + is passed through the htmlscrubber like everything else. + * Unfortunatly, that means that some valid uses of those tags are no longer + usable, and special case methods needed to be added for including + stylesheets, and for doing openid delegation. If you use either of these + in your wiki, it will need to be modified. See the meta plugin docs + for details. + + -- Joey Hess Wed, 21 Mar 2007 14:56:48 -0400 + +ikiwiki (1.33.2) testing-proposed-updates; urgency=medium + + * Backport fix for a security hole that allowed a web user to insert + arbitrary html in the title of a page due to missing escaping of + titles in the meta plugin. + * Fix examples directory location. + + -- Joey Hess Wed, 21 Mar 2007 01:55:02 -0400 + +ikiwiki (1.33.1) testing-proposed-updates; urgency=medium + + * Backport fix for a security hole that allowed a web user to edit images + and other non-page format files in the wiki. To exploit this, the file + already had to exist in the wiki, and the web user would need to somehow + use the web based editor to replace it with malicious content. + + -- Joey Hess Sat, 10 Feb 2007 15:30:12 -0500 + +ikiwiki (1.33) unstable; urgency=low + + * Fix issue with aggregate plugin updating expired pages. + * Avoid syntax errors in templates used by the template plugin crashing + ikiwiki. + * Enable utf8 file IO in aggregate plugin. + * Fix some issues with the new registration form. + * Patch from Ethan Glasser Camp to add a skip option to the inline plugin. 
+ * Make sure to check for errors from every eval. + * Fix img plugin's handling of adding dependencies for images that do not + yet exist. + * Work around a strange bug in CGI::FormBuilder 3.0401 that makes + FORM-SUBMIT unusable on customised formbuilder templates. For now, + hardcode the submit buttons in editpage.tmpl instead of using the + template variable, which is ok, since the buttons are static. + * Work with hyperestraier 1.4.9. + + -- Joey Hess Wed, 15 Nov 2006 18:32:26 -0500 + +ikiwiki (1.32) unstable; urgency=low * Add a separate pass to find page links, and only render each page once, instead of over and over. Typical speedup is ~4x. Max possible speedup: @@ -20,8 +77,22 @@ ikiwiki (1.32) UNRELEASED; urgency=low them together. * Install the source of the examples into /usr/share/doc/ikiwiki/examples. * Add perlmagick to build-depends so syntax check of img plugin works. - - -- Joey Hess Mon, 30 Oct 2006 14:30:54 -0500 + Closes: #396702 + * Improve login/register process, the login dialog has only name and + password fields, which allows more web browsers to regognise it as a login + field, and is less confusing. + * Implemented expiry options for aggregate plugin. + * Use precalculated backlinks info when determining if files need an update + due to a page they link to being added/removed. Mostly significant if + there are lots of pages. + * Remove duplicate link info when saving index. In some cases it could + pile up rather badly. (Probably not the best way to deal with this + problem.) + * Patch from James Westby to support podcasting, photoblogging, vidcasting, + or what have you, by creating enclosures for non-page items that are + included in feeds. + + -- Joey Hess Fri, 3 Nov 2006 14:46:37 -0500 ikiwiki (1.31) unstable; urgency=low
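Review bot: in the first hunk (@@ -1,4 +1,61 @@), the 1.33.1, 1.33.2 and 1.33.3 entries each describe a security hole but carry no bug or advisory reference, whereas 1.33.4 has "Closes: #465110". Where such a reference exists, add it to each entry so the backported fixes can be traced. The 1.33.3 entry also says that wikis using stylesheets or openid delegation "will need to be modified" but only points to the meta plugin docs. Because this is a behaviour change delivered in a security update, the entry should name the replacement methods itself. Spelling in the same entry: "Unfortunatly" should be "Unfortunately" and "plugins's" should be "plugin's".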
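Review bot: in the second hunk (@@ -20,8 +77,22 @@), the entry "Remove duplicate link info when saving index" ends with "(Probably not the best way to deal with this problem.)", which records a known workaround without saying where the duplicates come from or where the follow-up is tracked. Either state the cause or reference a bug or todo item, so the proper fix is not lost. In the login/register entry, "regognise" should be "recognise".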