X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/67254135169cc57f4158f321b00964f250ca8d15..22879eba60c685c275af3d986fa54ae994f8d66a:/debian/changelog

diff --git a/debian/changelog b/debian/changelog
index 4b66aa697..0edd2ab33 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,21 @@
-ikiwiki (2.48) UNRELEASED; urgency=low
+ikiwiki (2.48) unstable; urgency=high
 
+  * Fix security hole that occurred if openid and passwordauth were both
+    enabled. passwordauth would allow logging in as a known openid, with an
+    empty password. Closes: #483770
   * Add rel=nofollow to edit links. This may prevent some spiders from
     pounding on the cgi following edit links.
-
- -- Joey Hess <joeyh@debian.org>  Wed, 28 May 2008 03:07:37 -0400
+  * passwordauth: If Authen::Passphrase is installed, use it to store
+    password hashes, crypted with Eksblowfish.
+  * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+    hash existing plaintext passwords.
+  * Passwords will no longer be mailed, but instead a password reset link.
+  * The password_cost config setting is provided as a "more security" knob.
+  * teximg: Fix logurl.
+  * teximg: If the log isn't written, avoid ugly error messages.
+  * Updated French translation. Closes: #478530
+
+ -- Joey Hess <joeyh@debian.org>  Fri, 30 May 2008 17:36:07 -0400
 
 ikiwiki (2.47) unstable; urgency=low