X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/2bf2af30eaf62833bd07005cec103374fc0a7cae..d59b565b530c7334e24bf0ff2dbfcd76785000c6:/doc/news/version_2.48.mdwn?ds=inline diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn index d78b42c54..76dbd7ddc 100644 --- a/doc/news/version_2.48.mdwn +++ b/doc/news/version_2.48.mdwn @@ -4,7 +4,7 @@ News for ikiwiki 2.48: If you allowed password based logins to your wiki, those passwords were stored in cleartext in the userdb. To guard against exposing users' - passwords, I recommend you install the Authen::Passphrase perl module, and + passwords, I recommend you install the [[cpan Authen::Passphrase]] perl module, and then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all existing cleartext passwords with strong (blowfish) hashes. @@ -13,6 +13,7 @@ ikiwiki 2.48 released with [[toggle text="these changes"]] * Fix security hole that occurred if openid and passwordauth were both enabled. passwordauth would allow logging in as a known openid, with an empty password. Closes: #[483770](http://bugs.debian.org/483770) + (CVE-2008-0169) * Add rel=nofollow to edit links. This may prevent some spiders from pounding on the cgi following edit links. * passwordauth: If Authen::Passphrase is installed, use it to store